[3.4] curl: Multiple vulnerabilities (CVE-2017-8816, CVE-2017-8817)
CVE-2017-8816: NTLM buffer overflow via integer overflow
Affected versions:
libcurl 7.36.0 to and including 7.56.1
Not affected versions:
libcurl < 7.36.0 and >= 7.57.0
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
http://openwall.com/lists/oss-security/2017/11/29/2
Patch:
https://curl.haxx.se/CVE-2017-8816.patch
CVE-2017-8817: FTP wildcard out of bounds read
Affected versions:
libcurl 7.21.0 to and including 7.56.1
Not affected versions:
libcurl < 7.21.0 and >= 7.57.0
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
http://openwall.com/lists/oss-security/2017/11/29/3
Patch:
https://curl.haxx.se/CVE-2017-8817.patch
(from redmine: issue id 8215, created on 2017-11-30, closed on 2017-12-07)
- Relations:
  - parent #8212 (closed)
- Changesets:
  - Revision 8cd99339 by Natanael Copa on 2017-12-07T09:59:38Z:

    main/curl: security upgrade to 7.57.0

    CVE-2017-8816
    CVE-2017-8817
    CVE-2017-8818

    fixes #8215