curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95019
http://www.securitytracker.com/id/1037515
https://access.redhat.com/errata/RHSA-2018:3558
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586
https://curl.haxx.se/docs/adv_20161221A.html
https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
Source: MITRE
Published: 2018-04-23
Updated: 2018-11-13
Type: CWE-119
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.2
Severity: HIGH
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125002 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549) | Nessus | Huawei Local Security Checks | high |
118753 | Debian DLA-1568-1 : curl security update | Nessus | Debian Local Security Checks | high |
118418 | EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1330) | Nessus | Huawei Local Security Checks | high |
110867 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1203) | Nessus | Huawei Local Security Checks | high |
110866 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1202) | Nessus | Huawei Local Security Checks | medium |
103773 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1) | Nessus | Ubuntu Local Security Checks | medium |
102910 | SUSE SLES11 Security Update : curl (SUSE-SU-2017:2312-1) | Nessus | SuSE Local Security Checks | medium |
700170 | Mac OS X 10.x < 10.12.6 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
101957 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003) | Nessus | MacOS X Local Security Checks | high |
99702 | openSUSE Security Update : curl (openSUSE-2017-513) | Nessus | SuSE Local Security Checks | medium |
99465 | SUSE SLES11 Security Update : curl (SUSE-SU-2017:1043-1) | Nessus | SuSE Local Security Checks | medium |
99464 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:1042-1) | Nessus | SuSE Local Security Checks | medium |
99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical |
97896 | Amazon Linux AMI : curl (ALAS-2017-806) | Nessus | Amazon Linux Local Security Checks | medium |
96644 | GLSA-201701-47 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
96209 | Fedora 24 : curl (2016-86d2b5aefb) | Nessus | Fedora Local Security Checks | medium |
96183 | Debian DLA-767-1 : curl security update | Nessus | Debian Local Security Checks | medium |
96160 | Fedora 25 : curl (2016-edbb33ab2e) | Nessus | Fedora Local Security Checks | medium |
96086 | FreeBSD : cURL -- buffer overflow (42880202-c81c-11e6-a9a5-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |