[3.5] curl: Multiple vulnerabilities (CVE-2017-8816, CVE-2017-8817, CVE-2017-8818)
CVE-2017-8816: NTLM buffer overflow via integer overflow
Affected versions:
libcurl 7.36.0 up to and including 7.56.1
Not affected versions:
libcurl < 7.36.0 and >= 7.57.0
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
http://openwall.com/lists/oss-security/2017/11/29/2
Patch:
https://curl.haxx.se/CVE-2017-8816.patch
CVE-2017-8817: FTP wildcard out of bounds read
Affected versions:
libcurl 7.21.0 up to and including 7.56.1
Not affected versions:
libcurl < 7.21.0 and >= 7.57.0
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
http://openwall.com/lists/oss-security/2017/11/29/3
Patch:
https://curl.haxx.se/CVE-2017-8817.patch
CVE-2017-8818: SSL out of buffer access
Affected versions:
libcurl 7.56.0 up to and including 7.56.1
Not affected versions:
libcurl < 7.56.0 and >= 7.57.0
References:
https://curl.haxx.se/docs/adv_2017-af0a.html
http://openwall.com/lists/oss-security/2017/11/29/4
Patch:
https://curl.haxx.se/CVE-2017-8818.patch
(from redmine: issue id 8214, created on 2017-11-30, closed on 2017-12-07)
- Relations:
  - parent #8212 (closed)
- Changesets:
  - Revision ae95dcd4 by Natanael Copa on 2017-12-07T10:02:57Z:
main/curl: security upgrade to 7.57.0
CVE-2017-8816
CVE-2017-8817
CVE-2017-8818
fixes #8214