curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
CPE | Name | Operator | Version |
---|---|---|---|
curl | eq | 7.28.0-r0 | |
curl | eq | 7.21.1-r0 | |
curl | eq | curl-7_19_6 | |
curl | eq | before_urldata_rename | |
curl | eq | 7.47.0-r0 | |
curl | eq | curl-7_9_7 | |
curl | eq | 7.28.1-r0 | |
curl | eq | curl-7_16_0 | |
curl | eq | curl-7_45_0 | |
curl | eq | 7.31.0-r0 |
www.securityfocus.com/bid/94107
www.securitytracker.com/id/1037192
access.redhat.com/errata/RHSA-2018:2486
access.redhat.com/errata/RHSA-2018:3558
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
curl.haxx.se/CVE-2016-8625.patch
curl.haxx.se/docs/adv_20161102K.html
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
security.gentoo.org/glsa/201701-47
www.tenable.com/security/tns-2016-21