CVE-2016-8625

high

Description

curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, which may lead users to unknowingly issue network transfer requests to the wrong host.

References

https://curl.haxx.se/docs/adv_20161102K.html

https://curl.haxx.se/CVE-2016-8625.patch

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625

https://www.tenable.com/security/tns-2016-21

https://security.gentoo.org/glsa/201701-47

http://www.securitytracker.com/id/1037192

http://www.securityfocus.com/bid/94107

https://access.redhat.com/errata/RHSA-2018:2486

https://access.redhat.com/errata/RHSA-2018:3558

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f6[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

Details

Source: MITRE

Published: 2018-08-01

Updated: 2021-06-29

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
151421 | EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2021-2132) | Nessus | Huawei Local Security Checks | high
137981 | EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2020-1762) | Nessus | Huawei Local Security Checks | high
137977 | EulerOS Virtualization 3.0.6.0 : curl-openssl (EulerOS-SA-2020-1758) | Nessus | Huawei Local Security Checks | high
135505 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2020-1376) | Nessus | Huawei Local Security Checks | high
134522 | EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1233) | Nessus | Huawei Local Security Checks | critical
131902 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410) | Nessus | Huawei Local Security Checks | critical
131701 | Juniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951) | Nessus | Junos Local Security Checks | critical
130845 | EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-2136) | Nessus | Huawei Local Security Checks | critical
99930 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32) | Nessus | Misc. | critical
96644 | GLSA-201701-47 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
95917 | macOS 10.12.x < 10.12.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high
9826 | cURL/libcurl 7.x < 7.51.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
94516 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2016-308-01) | Nessus | Slackware Local Security Checks | critical
94493 | FreeBSD : cURL -- multiple vulnerabilities (765feb7d-a0d1-11e6-a881-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | critical