CVE-2016-8625
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Curl Project | curl | 7.51.0 | affected |
Weaknesses
- CWE-20: CWE-20
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/94107
- https://curl.haxx.se/CVE-2016-8625.patch
- https://access.redhat.com/errata/RHSA-2018:3558
- https://www.tenable.com/security/tns-2016-21
- https://curl.haxx.se/docs/adv_20161102K.html
- http://www.securitytracker.com/id/1037192
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
- https://access.redhat.com/errata/RHSA-2018:2486
- https://security.gentoo.org/glsa/201701-47
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
References
- http://www.securityfocus.com/bid/94107
- https://curl.haxx.se/CVE-2016-8625.patch
- https://access.redhat.com/errata/RHSA-2018:3558
- https://www.tenable.com/security/tns-2016-21
- https://curl.haxx.se/docs/adv_20161102K.html
- http://www.securitytracker.com/id/1037192
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
- https://access.redhat.com/errata/RHSA-2018:2486
- https://security.gentoo.org/glsa/201701-47
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.