You are here

curl: Three vulnerabilities fixed in Version 7.52.0

IDs: 
CVE-2016-9586, CVE-2016-9952, CVE-2016-9953
Keywords: 
curl
Description: 

Curl released a new version 7.52.0 fixing three vulnerabilities.

Airlock WAF is not affected.

Details:

CVE-2016-9586: Buffer overflow in libcurl provided format string function when it is used with large floating point values. Airlock WAF is not affected because the vulnerable function is not being used.

CVE-2016-9952, CVE-2016-9953: Two vulnerabilities in the area of server certificate checks when libcurl is used with Windows CE TLS implementation (schannel). Airlock WAF is not affected because the vulnerable TLS implementation is not being used.

Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required