CVE-2016-8624
Description
curl before version 7.51.0 doesnt parse the authority component of the URL correctly when the host name part ends with a # character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.346
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows |
| Multiple vulnerabilities are fixed in Curl For Windows 7.51.0 | Windows |
| Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Curl update (ELSA-2023-7743) curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| CVE-2016-8624 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234