Haxx Curl vulnerabilities

CVE-2017-9502 [MEDIUM] CWE-119 CVE-2017-9502: In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic th In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FIL

CVE-2017-7407 [LOW] CWE-119 CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attacker The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

CVE-2016-7167 [CRITICAL] CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7 Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

CVE-2016-7141 [HIGH] CVE-2016-7141: curl and libcurl before 7 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

CVE-2016-5420 [HIGH] CVE-2016-5420: curl and libcurl before 7 curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

CVE-2016-5421 [HIGH] CVE-2016-5421: Use-after-free vulnerability in libcurl before 7 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVE-2016-5419 [HIGH] curl vulnerabilities curl vulnerabilities Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421)

CVE-2016-4802 [HIGH] CWE-264 CVE-2016-4802: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SS Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.

CVE-2016-3739 [MEDIUM] CWE-20 CVE-2016-3739: The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

CVE-2016-0755 [HIGH] CVE-2016-0755: The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-au The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

CVE-2016-0754 [MEDIUM] CWE-20 CVE-2016-0754: cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working di cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

CVE-2015-3237 [MEDIUM] CWE-20 CVE-2015-3237: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers t The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

CVE-2015-3236 [MEDIUM] CWE-200 CVE-2015-3236: cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2015-3153 [MEDIUM] CWE-200 CVE-2015-3153: The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the p The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

CVE-2015-3144 [CRITICAL] CWE-119 CVE-2015-3144: The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an i The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

CVE-2015-3145 [HIGH] CWE-119 CVE-2015-3145: The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calcul The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

CVE-2015-3143 [MEDIUM] CVE-2015-3143: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remot cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

CVE-2015-3148 [MEDIUM] CWE-284 CVE-2015-3148: cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, w cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2014-8150 [MEDIUM] CVE-2014-8150: CRLF injection vulnerability in libcurl 6 CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

CVE-2014-3613 [MEDIUM] CWE-310 CVE-2014-3613: cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which a cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.