KLA10618
Information disclosure vulnerability in cURL
Updated: 06/01/2019
Detect date
?
06/22/2015
Severity
?
High
Description

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability related to SMB can be exploited remotely via specially designed length and offset values;
  2. Improper credentials handling can be exploited remotely via vectors related to curl_easy_reset connection.
Affected products

cURL and libcurl versions from 7.40.0 through 7.42.1

Solution

Update to the latest version
Get cURL

Original advisories

cURL advisory
cURL advisory

Impacts
?
OSI 
[?]
CVE-IDS
?
CVE-2015-32365.0Critical
CVE-2015-32376.4High