International Domain Name Handling Vulnerability in curl by Haxx
CVE-2016-8625

5.3MEDIUM

Key Information:

Vendor

The Curl Project

Status
Curl
Vendor
CVE Published:
1 August 2018

What is CVE-2016-8625?

The vulnerability in curl prior to version 7.51.0 allows for exploitation through outdated IDNA 2003 standards, potentially directing users to incorrect host addresses unknowingly. This could lead to unintentional data exposure or manipulations as network transfer requests may be sent to malicious hosts instead of intended destinations.

Affected Version(s)

curl 7.51.0

References

http://www.securityfocus.com/bid/94107
vdb-entryx_refsource_BID
https://curl.haxx.se/CVE-2016-8625.patch
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.