cURL/libcURL CVE-2016-5419 Remote Security Bypass Vulnerability



cURL/libcURL is prone to a remote security-bypass vulnerability.

An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

libcurl versions 7.1 to to 7.50.0 are affected.

Information

Bugtraq ID: 92292
Class: Access Validation Error
CVE: CVE-2016-5419

Remote: Yes
Local: No
Published: Aug 03 2016 12:00AM
Updated: Apr 24 2017 12:04AM
Credit: Eric Rescorla and Ray Satiro.
Vulnerable: Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Haxx Libcurl 7.50
Haxx Libcurl 7.47
Haxx Libcurl 7.46
Haxx Libcurl 7.43
Haxx Libcurl 7.42.1
Haxx Libcurl 7.36
Haxx Libcurl 7.34
Haxx Libcurl 7.33
Haxx Libcurl 7.32
Haxx Libcurl 7.31
Haxx Libcurl 7.30
Haxx Libcurl 7.25
Haxx Libcurl 7.23
Haxx Libcurl 7.22
Haxx Libcurl 7.21
Haxx Libcurl 7.20
Haxx Libcurl 7.19.6
Haxx Libcurl 7.19.5
Haxx Libcurl 7.19.4
Haxx Libcurl 7.19.3
Haxx Libcurl 7.18.1
Haxx Libcurl 7.18
Haxx Libcurl 7.17
Haxx Libcurl 7.16.4
Haxx Libcurl 7.15.5
Haxx Libcurl 7.15.3
Haxx Libcurl 7.15.2
Haxx Libcurl 7.15.1
Haxx Libcurl 7.15
Haxx Libcurl 7.14.1
Haxx Libcurl 7.14
Haxx Libcurl 7.13.2
Haxx Libcurl 7.13.1
Haxx Libcurl 7.13
Haxx Libcurl 7.12.3
Haxx Libcurl 7.12.2
Haxx Libcurl 7.12.1
Haxx Libcurl 7.12
Haxx Libcurl 7.11.2
Haxx Libcurl 7.11.1
Haxx Libcurl 7.11
Haxx Libcurl 7.10.8
Haxx Libcurl 7.10.7
Haxx Libcurl 7.10.6
Haxx Libcurl 7.10.5
Haxx Libcurl 7.10.4
Haxx Libcurl 7.10.3
Haxx Libcurl 7.10.2
Haxx Libcurl 7.10.1
Haxx Libcurl 7.9.8
Haxx Libcurl 7.9.7
Haxx Libcurl 7.9.6
Haxx Libcurl 7.9.5
Haxx Libcurl 7.9.3
Haxx Libcurl 7.9.2
Haxx Libcurl 7.9.1
Haxx Libcurl 7.7.2
Haxx Libcurl 7.7.1
Haxx Libcurl 7.9.4
Haxx Libcurl 7.9
Haxx Libcurl 7.8.1
Haxx Libcurl 7.8
Haxx Libcurl 7.7.3
Haxx Libcurl 7.7
Haxx Libcurl 7.6.1
Haxx Libcurl 7.6
Haxx Libcurl 7.5.2
Haxx Libcurl 7.5.1
Haxx Libcurl 7.49.0
Haxx Libcurl 7.48.0
Haxx Libcurl 7.42.0
Haxx Libcurl 7.41.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.4.2
Haxx Libcurl 7.4.1
Haxx Libcurl 7.4
Haxx Libcurl 7.39
Haxx Libcurl 7.38.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.37.0
Haxx Libcurl 7.35.0
Haxx Libcurl 7.3
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.28.0
Haxx Libcurl 7.27.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.7
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.4
Haxx Libcurl 7.21.3
Haxx Libcurl 7.21.2
Haxx Libcurl 7.21.1
Haxx Libcurl 7.20.1
Haxx Libcurl 7.2.1
Haxx Libcurl 7.2
Haxx Libcurl 7.19.7
Haxx Libcurl 7.19.2
Haxx Libcurl 7.19.1
Haxx Libcurl 7.19.0
Haxx Libcurl 7.18.2
Haxx Libcurl 7.17.1
Haxx Libcurl 7.16.3
Haxx Libcurl 7.16.2
Haxx Libcurl 7.16.1
Haxx Libcurl 7.16.0
Haxx Libcurl 7.15.4
Haxx Libcurl 7.10
Haxx Libcurl 7.1.1
Google Android 7.0
Apple macOS 10.12.1


Not Vulnerable: Haxx Libcurl 7.50.1
Apple macOS 10.12.2


Exploit


Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.


Related Posts

Comments