KLA10618
Information disclosure vulnerability in cURL
Обновлено: 17/06/2019
Дата обнаружения
22/06/2015
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability related to SMB can be exploited remotely via specially designed length and offset values;
  2. Improper credentials handling can be exploited remotely via vectors related to curl_easy_reset connection.
Пораженные продукты

cURL and libcurl versions from 7.40.0 through 7.42.1

Решение

Update to the latest version
Get cURL

Первичный источник обнаружения
cURL advisory
cURL advisory
Оказываемое влияние
?
OSI 
[?]
CVE-IDS
CVE-2015-32365.0Critical
CVE-2015-32376.4High