[Forgot Password]
Login  Register Subscribe

24437

 
 

132035

 
 

118681

 
 

909

 
 

92673

 
 

143

 
 
Paid content will be excluded from the download.

Filter
Matches : 12175 Download | Alert*

HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending th ...

FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior. LDAP NULL pointer dereference:A NULL pointer derefer ...

curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, ...

CVE-2018-1000005: HTTP/2 trailer out-of-bounds read. Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected versions: libcurl = 7.56.1

CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions libcurl 7.36.0 to and including 7.56.1 Not affected versions libcurl = 7.57.0

When libcurl connects to an FTP server and successfully logs in , it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a clo ...

When libcurl connects to an FTP server and successfully logs in , it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a clo ...

CVE-2018-1000005: HTTP/2 trailer out-of-bounds read Affected versions libcurl 7.49.0 to and including 7.57.0 Not affected versions libcurl = 7.58.0

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions:¶ libcurl 7.20.0 to and including 7.56.0 Not affected versions:¶ libcurl = 7.56.1


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1217

© SecPod Technologies