ALT-PU-2017-2736-1
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-8816
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
- http://security.cucumberlinux.com/security/details.php?id=161
- http://www.securityfocus.com/bid/101998
- http://www.securitytracker.com/id/1039896
- http://www.securitytracker.com/id/1040608
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-12e7.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
- http://security.cucumberlinux.com/security/details.php?id=161
- http://www.securityfocus.com/bid/101998
- http://www.securitytracker.com/id/1039896
- http://www.securitytracker.com/id/1040608
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-12e7.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
Modified: 2025-04-20
CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
- http://security.cucumberlinux.com/security/details.php?id=162
- http://www.securityfocus.com/bid/102057
- http://www.securitytracker.com/id/1039897
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-ae72.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
- http://security.cucumberlinux.com/security/details.php?id=162
- http://www.securityfocus.com/bid/102057
- http://www.securitytracker.com/id/1039897
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-ae72.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
Modified: 2025-04-20
CVE-2017-8818
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
- http://security.cucumberlinux.com/security/details.php?id=163
- http://www.securityfocus.com/bid/102014
- http://www.securitytracker.com/id/1039898
- https://curl.haxx.se/docs/adv_2017-af0a.html
- https://security.gentoo.org/glsa/201712-04
- http://security.cucumberlinux.com/security/details.php?id=163
- http://www.securityfocus.com/bid/102014
- http://www.securitytracker.com/id/1039898
- https://curl.haxx.se/docs/adv_2017-af0a.html
- https://security.gentoo.org/glsa/201712-04