Debian Curl vulnerabilities

182 known vulnerabilities affecting debian/curl.

Total CVEs: 182
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 23, HIGH 36, MEDIUM 65, LOW 58

Vulnerabilities

Page 8 of 10
CVE-2016-3739 | LOW | CVSS 5.3 | fixed in curl 7.50.1-1 (bookworm) | 2016
[MEDIUM] curl - The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
Scope: local; bookworm: resolved (fixed in 7.50.1-1)
Source: debian
CVE-2016-8623 | LOW | CVSS 3.3 | fixed in curl 7.51.0-1 (bookworm) | 2016
[LOW] curl - A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
Scope: local; bookworm: resolved (fixed in 7.51.0-1); bullseye: resolved (fixed in 7.51.0-1); forky: resolved (fixed in 7.51.0-1); sid: resolved (fixed in 7.51.0-1); trixie: resolved (fixed in 7.51.0-1)
Source: debian
CVE-2016-0754 | LOW | CVSS 5.3 | 2016
[MEDIUM] curl - cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
Source: debian
CVE-2016-9952 | LOW | CVSS 8.1 | 2016
[HIGH] curl - The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid:
Source: debian
CVE-2016-8616 | LOW | CVSS 3.7 | fixed in curl 7.51.0-1 (bookworm) | 2016
[LOW] curl - A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the cas
Source: debian
CVE-2016-8622 | LOW | CVSS 3.7 | fixed in curl 7.51.0-1 (bookworm) | 2016
[LOW] curl - The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could the
Source: debian
CVE-2016-4606 | LOW | CVSS 9.8 | 2016
[CRITICAL] curl - Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; t
Source: debian
CVE-2015-3144 | CRITICAL | CVSS 9.0 | fixed in curl 7.42.0-1 (bookworm) | 2015
[CRITICAL] curl - The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
Scope: local; bookworm: resolved (fixed in 7.42.0-1
Source: debian
CVE-2015-3145 | HIGH | CVSS 7.5 | fixed in curl 7.42.0-1 (bookworm) | 2015
[HIGH] curl - The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Scope: local; bookworm: resolved (fixed in 7.42.0-1); bullseye: reso
Source: debian
CVE-2015-3153 | MEDIUM | CVSS 5.0 | fixed in curl 7.42.1-1 (bookworm) | 2015
[MEDIUM] curl - The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Scope: local; bookworm: resolved (fixed in 7.42.1-1); bullseye: resolved (fixed in 7.42.1-1); forky: resolved (fixed in 7.42.1-1); sid: resolve
Source: debian
CVE-2015-3236 | MEDIUM | CVSS 5.0 | fixed in curl 7.43.0-1 (bookworm) | 2015
[MEDIUM] curl - cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.
Scope: local; bookworm: resolved (fixed in 7.43.0-1); bullseye: resolved (fi
Source: debian
CVE-2015-3148 | MEDIUM | CVSS 5.0 | fixed in curl 7.42.0-1 (bookworm) | 2015
[MEDIUM] curl - cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Scope: local; bookworm: resolved (fixed in 7.42.0-1); bullseye: resolved (fixed in 7.42.0-1); forky: resolved (fixed in 7.42.0-1); sid: resolved (fixed in 7.42.0-1); trixie: resolved (fixed in 7.42.0-1)
Source: debian
CVE-2015-3237 | MEDIUM | CVSS 6.4 | fixed in curl 7.43.0-1 (bookworm) | 2015
[MEDIUM] curl - The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Scope: local; bookworm: resolved (fixed in 7.43.0-1); bullseye: resolved (fixed in 7.43.0-1); forky: resolved (fixed in 7.43.0-1); sid
Source: debian
CVE-2015-3143 | MEDIUM | CVSS 4.0 | fixed in curl 7.42.0-1 (bookworm) | 2015
[MEDIUM] curl - cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
Scope: local; bookworm: resolved (fixed in 7.42.0-1); bullseye: resolved (fixed in 7.42.0-1); forky: resolved (fixed in 7.42.0-1); sid: resolved (fixed in 7.42.0-1); trixie
Source: debian
CVE-2014-0138 | MEDIUM | CVSS 4.0 | fixed in curl 7.36.0-1 (bookworm) | 2014
[MEDIUM] curl - The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Scope: local; bookworm: resolved (fixed in 7.36.0-1); bul
Source: debian
CVE-2014-0015 | MEDIUM | CVSS 4.0 | fixed in curl 7.35.0-1 (bookworm) | 2014
[MEDIUM] curl - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Scope: local; bookworm: resolved (fixed in 7.35.0-1); bullseye: resolved (fixed in 7.35.0-1); forky: resolved (fixed in 7.35.0-1); sid: resolved (fixed in 7.35.0-1)
Source: debian
CVE-2014-3620 | MEDIUM | CVSS 5.0 | fixed in curl 7.38.0-1 (bookworm) | 2014
[MEDIUM] curl - cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Scope: local; bookworm: resolved (fixed in 7.38.0-1); bullseye: resolved (fixed in 7.38.0-1); forky: resolved (fixed in 7.38.0-1); sid: resolved (fixed in 7.38.0-1); trixie: resolved (fixed in 7.38.0-1)
Source: debian
CVE-2014-3613 | MEDIUM | CVSS 5.0 | fixed in curl 7.38.0-1 (bookworm) | 2014
[MEDIUM] curl - cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
Scope: local; bookworm: resolved (fixed in 7.38.0-1); bullseye: resolved (fixed in 7.38.0-1); forky: res
Source: debian
CVE-2014-0139 | MEDIUM | CVSS 5.8 | fixed in curl 7.36.0-1 (bookworm) | 2014
[MEDIUM] curl - cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Scope: local; bookworm
Source: debian
CVE-2014-8150 | MEDIUM | CVSS 4.3 | fixed in curl 7.38.0-4 (bookworm) | 2014
[MEDIUM] curl - CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Scope: local; bookworm: resolved (fixed in 7.38.0-4); bullseye: resolved (fixed in 7.38.0-4); forky: resolved (fixed in 7.38.0-4); sid: resolved (fi
Source: debian
Debian Curl vulnerabilities | cvebase