SB2018080125 - Input validation error in curl.haxx.se cURL
Published: August 1, 2018 Updated: August 3, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2016-8625)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, which may lead users to unknowingly issue network transfer requests to the wrong host.
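The following audit script is an added example, not part of the original bulletin or of curl. It flags hostnames whose IDNA 2003 conversion differs from an IDNA 2008 style conversion, for instance because IDNA 2003 maps "ß" to "ss" while IDNA 2008 keeps it. The function names, the simplified IDNA 2008 conversion (NFC, lowercase and Punycode only, without the standard's validity checks) and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata


def to_ascii_idna2003(host):
    """Convert with Python's built-in "idna" codec, which implements IDNA 2003."""
    return host.encode("idna").decode("ascii").lower()


def to_ascii_idna2008_approx(host):
    """Simplified IDNA 2008 style conversion (assumption: no validity checks).

    Each label is NFC-normalised and lowercased, then Punycode-encoded as is,
    so characters such as "ß" are preserved instead of being mapped away.
    """
    out = []
    for label in host.split("."):
        label = unicodedata.normalize("NFC", label).lower()
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def divergent_hosts(hosts):
    """Return (host, idna2003, idna2008) for names the two standards resolve differently."""
    findings = []
    for host in hosts:
        try:
            old = to_ascii_idna2003(host)
            new = to_ascii_idna2008_approx(host)
        except UnicodeError:
            # Hostname that one of the conversions rejects; report it as unresolved.
            findings.append((host, None, None))
            continue
        if old != new:
            findings.append((host, old, new))
    return findings


# Constructed sample input, e.g. hostnames extracted from a list of configured URLs.
SAMPLE_HOSTS = ["example.com", "Example.ORG", "bücher.example", "straße.de"]

if __name__ == "__main__":
    for host, old, new in divergent_hosts(SAMPLE_HOSTS):
        print(f"{host}: IDNA 2003 -> {old}, IDNA 2008 -> {new}")
```

Any hostname the script reports is one that a curl build older than 7.51.0 may send to a different host than an IDNA 2008 client would.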
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/94107
- http://www.securitytracker.com/id/1037192
- https://access.redhat.com/errata/RHSA-2018:2486
- https://access.redhat.com/errata/RHSA-2018:3558
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
- https://curl.haxx.se/CVE-2016-8625.patch
- https://curl.haxx.se/docs/adv_20161102K.html
- https://security.gentoo.org/glsa/201701-47
- https://www.tenable.com/security/tns-2016-21