ID CVE-2016-8620
Summary The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
References
Vulnerable Configurations
  • cpe:2.3:a:haxx:curl:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.1:beta:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2019 - 23:20)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Infiltration of Hardware Development Environment
    An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2018:3558
rpms
  • httpd24-curl-0:7.61.1-1.el6
  • httpd24-curl-0:7.61.1-1.el7
  • httpd24-curl-debuginfo-0:7.61.1-1.el6
  • httpd24-curl-debuginfo-0:7.61.1-1.el7
  • httpd24-httpd-0:2.4.34-7.el6
  • httpd24-httpd-0:2.4.34-7.el7
  • httpd24-httpd-debuginfo-0:2.4.34-7.el6
  • httpd24-httpd-debuginfo-0:2.4.34-7.el7
  • httpd24-httpd-devel-0:2.4.34-7.el6
  • httpd24-httpd-devel-0:2.4.34-7.el7
  • httpd24-httpd-manual-0:2.4.34-7.el6
  • httpd24-httpd-manual-0:2.4.34-7.el7
  • httpd24-httpd-tools-0:2.4.34-7.el6
  • httpd24-httpd-tools-0:2.4.34-7.el7
  • httpd24-libcurl-0:7.61.1-1.el6
  • httpd24-libcurl-0:7.61.1-1.el7
  • httpd24-libcurl-devel-0:7.61.1-1.el6
  • httpd24-libcurl-devel-0:7.61.1-1.el7
  • httpd24-libnghttp2-0:1.7.1-7.el6
  • httpd24-libnghttp2-0:1.7.1-7.el7
  • httpd24-libnghttp2-devel-0:1.7.1-7.el6
  • httpd24-libnghttp2-devel-0:1.7.1-7.el7
  • httpd24-mod_ldap-0:2.4.34-7.el6
  • httpd24-mod_ldap-0:2.4.34-7.el7
  • httpd24-mod_md-0:2.4.34-7.el7
  • httpd24-mod_proxy_html-1:2.4.34-7.el6
  • httpd24-mod_proxy_html-1:2.4.34-7.el7
  • httpd24-mod_session-0:2.4.34-7.el6
  • httpd24-mod_session-0:2.4.34-7.el7
  • httpd24-mod_ssl-1:2.4.34-7.el6
  • httpd24-mod_ssl-1:2.4.34-7.el7
  • httpd24-nghttp2-0:1.7.1-7.el6
  • httpd24-nghttp2-0:1.7.1-7.el7
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el6
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el7
refmap via4
bid 94102
confirm
gentoo GLSA-201701-47
sectrack 1037192
Last major update 09-10-2019 - 23:20
Published 01-08-2018 - 06:29
Last modified 09-10-2019 - 23:20
Back to Top