curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if, for example, you use a URL parser that follows the RFC to check for allowed domains before using curl to request them.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/94103
http://www.securitytracker.com/id/1037192
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:3558
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624
https://curl.haxx.se/docs/adv_20161102J.html
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
Source: MITRE
Published: 2018-07-31
Updated: 2020-09-14
Type: CWE-20
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
140168 | OracleVM 3.4 : curl (OVMSA-2020-0035) | Nessus | OracleVM Local Security Checks | high |
131701 | Juniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951) | Nessus | Junos Local Security Checks | high |
125380 | Oracle Linux 6 / 7 : curl (ELSA-2019-4652) | Nessus | Oracle Linux Local Security Checks | high |
125002 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549) | Nessus | Huawei Local Security Checks | high |
105445 | F5 Networks BIG-IP : cURL and libcurl vulnerability (K85235351) | Nessus | F5 Networks Local Security Checks | medium |
99930 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32) | Nessus | Misc. | high |
99881 | EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1036) | Nessus | Huawei Local Security Checks | high |
99880 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1035) | Nessus | Huawei Local Security Checks | high |
96644 | GLSA-201701-47 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
95917 | macOS 10.12.x < 10.12.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
9826 | cURL/libcurl 7.x < 7.51.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
95009 | Fedora 25 : curl (2016-89769648a0) | Nessus | Fedora Local Security Checks | high |
94941 | Debian DLA-711-1 : curl security update | Nessus | Debian Local Security Checks | high |
94752 | openSUSE Security Update : curl (openSUSE-2016-1280) | Nessus | SuSE Local Security Checks | high |
94686 | Amazon Linux AMI : curl (ALAS-2016-766) | Nessus | Amazon Linux Local Security Checks | high |
94592 | Fedora 24 : curl (2016-e8e8cdb4ed) | Nessus | Fedora Local Security Checks | high |
94588 | Debian DSA-3705-1 : curl - security update | Nessus | Debian Local Security Checks | high |
94574 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : curl vulnerabilities (USN-3123-1) | Nessus | Ubuntu Local Security Checks | high |
94572 | SUSE SLES11 Security Update : curl (SUSE-SU-2016:2714-1) | Nessus | SuSE Local Security Checks | high |
94516 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2016-308-01) | Nessus | Slackware Local Security Checks | high |
94506 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2699-1) | Nessus | SuSE Local Security Checks | high |
94493 | FreeBSD : cURL -- multiple vulnerabilities (765feb7d-a0d1-11e6-a881-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | high |