Kaspersky Threats — KLA10859

Solutions for:

Medium Business

Kaspersky ID:

KLA10859

Detect Date:

08/03/2016

Updated:

01/22/2024

Description

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities

Use-after-free vulnerability can be exploited to control which connection is used;
An improper TLS connection reuse handling can be exploited remotely via connection manipulations to hijack authentication;
An improper TLS certificate change handling can be exploited remotely via connection manipulations to bypass security restrictions.

Technical details

The curl command line tool is also affected because of these flaws.

All vulnerabilities were found in libcurl library.

Original advisories

cURL vulnerabilities table and advisories

Related products

cURL

CVE list

CVE-2016-5421
high
CVE-2016-5420
warning
CVE-2016-5419
warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Kaspersky ID:

KLA10859

Detect Date:

08/03/2016

Updated:

01/22/2024

Severity

critical

Solution

Update to the latest version or apply patches
patch for CVE-2016-5421
patch for CVE-2016-5420
cURL download page
patch for CVE-2016-5419

Impacts

SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected products

cURL and libcurl versions earlier than 7.50.1

Kaspersky Next

Let’s go Next: redefine your business’s cybersecurity

New Kaspersky!

Your digital life deserves complete protection!

Confirm changes?

Your message has been sent successfully.