CVE-2016-8625
MEDIUM
curl < 7.51.0 - Unauthenticated Host Spoofing via Outdated IDNA 2003 Standard
Title source: llm
Description
curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
References (11)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94107
Patch, Vendor Advisory x_refsource_confirm
https://curl.haxx.se/CVE-2016-8625.patch
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3558
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2016-21
Patch, Vendor Advisory x_refsource_confirm
https://curl.haxx.se/docs/adv_20161102K.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037192
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2486
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-47
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Scores
CVSS v3: 5.3
EPSS: 0.0155
EPSS Percentile: 81.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE: CWE-20
Status: published
Products (1)
haxx/curl < 7.51.0
Published: Aug 01, 2018
Tracked Since: Feb 18, 2026