Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
There are 23 matching records.
Displaying matches 21 through 23.
Vuln ID Summary CVSS Severity
CVE-2013-2174

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Published: July 31, 2013; 9:20:25 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1944

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Published: April 29, 2013; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Published: July 07, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM