curl: Three vulnerabilities fixed in Version 7.52.0

Submitted on 21. December 2016 - 11:01 by meierfra.
Last update on 19. January 2017 - 14:57.

IDs:

CVE-2016-9586, CVE-2016-9952, CVE-2016-9953

Keywords:

curl

Description:

Curl released a new version 7.52.0 fixing three vulnerabilities.

Airlock WAF is not affected.

Details:

CVE-2016-9586: Buffer overflow in libcurl provided format string function when it is used with large floating point values. Airlock WAF is not affected because the vulnerable function is not being used.

CVE-2016-9952, CVE-2016-9953: Two vulnerabilities in the area of server certificate checks when libcurl is used with Windows CE TLS implementation (schannel). Airlock WAF is not affected because the vulnerable TLS implementation is not being used.

Resolution:

no action required

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

[1] Curl Security

Main menu

Navigation

User menu

You are here

curl: Three vulnerabilities fixed in Version 7.52.0

Main menu

Search form

Navigation

User menu

You are here

curl: Three vulnerabilities fixed in Version 7.52.0