International Domain Name Handling Vulnerability in curl by Haxx
CVE-2016-8625

5.3MEDIUM

Key Information:

Vendor: The Curl Project
Status: Curl
Vendor: CVE Published:; 1 August 2018

What is CVE-2016-8625?

The vulnerability in curl prior to version 7.51.0 allows for exploitation through outdated IDNA 2003 standards, potentially directing users to incorrect host addresses unknowingly. This could lead to unintentional data exposure or manipulations as network transfer requests may be sent to malicious hosts instead of intended destinations.

Affected Version(s)

curl 7.51.0

References

http://www.securityfocus.com/bid/94107

vdb-entryx_refsource_BID

https://curl.haxx.se/CVE-2016-8625.patch

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:3558

vendor-advisoryx_refsource_REDHAT

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2018
Vulnerability Reserved
Oct 12, 2016

The Curl Project

What is CVE-2016-8625?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline