Main Vulnerability Database SB2016110317

SB2016110317 - Input validation error in curl (Alpine package)

Published: November 3, 2016

Security Bulletin ID SB2016110317

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-8625)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=e57c1f8b95e9a6aecc75e9eaae6c7bf9e259adb6
https://git.alpinelinux.org/aports/commit/?id=39696e7a1a7079578ea07cb9514fd0c50105340e
https://git.alpinelinux.org/aports/commit/?id=ffe6b82496f728d1d75dae4030047c6ff48a9c5a