Red Hat Security Advisory 2020-0594-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
5800d93843f1ea719cdba522f0012e32a8772db15e37256fc66938007179eaeaRed Hat Security Advisory 2020-0544-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
b0a7cd24faf58381d9944e0f03bca872a110b57e09834c7814f9ff0b81d45b1bRed Hat Security Advisory 2018-3157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
b81eff821df514b10d996e77ee7ce54c386215c648e2332e32ff699524042d01Gentoo Linux Security Advisory 201806-5 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.60.0 are affected.
84539ba334c2ae70a3648c5332b02a77671ad7695cff1a5131ca6c9ea930ebd4Ubuntu Security Notice 3598-2 - USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
c5d6344504a7945abbf4776b4bf8a96624a9b4f396644b64ae184261943023f6Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
995df06ea509e3ba0623ef636ade9ddadf80140e6d9d607242983d794e83bac1Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.
90a8bd88a40752bf5d9068f391d79df7a3cd320bafb58ab2092469b30f208678Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
c65d1f87b06ccd75d36690b9c5b87c1f89bfe13c679ad86bf2049e999741df91
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed