RedhatCVELIST:CVE-2016-8625CVE-2016-8625
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.9%
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
CNA Affected
[
{
"product": "curl",
"vendor": "The Curl Project",
"versions": [
{
"status": "affected",
"version": "7.51.0"
}
]
}
]References
www.securityfocus.com/bid/94107
www.securitytracker.com/id/1037192
access.redhat.com/errata/RHSA-2018:2486
access.redhat.com/errata/RHSA-2018:3558
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
curl.haxx.se/CVE-2016-8625.patch
curl.haxx.se/docs/adv_20161102K.html
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
security.gentoo.org/glsa/201701-47
www.tenable.com/security/tns-2016-21
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.9%