CVE-2016-4606

CRITICAL

Curl <7.49.1 - RCE/XSS/DoS/Bypass

Description

Curl before 7.49.1 in Apple OS X prior to macOS Sierra 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.

Scores

CVSS v3 9.8
EPSS 0.0022
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (1)

haxx/curl < 7.49.1

Timeline

Published Feb 21, 2020
Tracked Since Feb 18, 2026