CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

History

29 Jun 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E -

Information

Published : 2018-07-31 21:29

Updated : 2024-02-04 20:03


NVD link : CVE-2016-8624

Mitre link : CVE-2016-8624

CVE.ORG link : CVE-2016-8624


JSON object : View

Products Affected

haxx

  • curl
CWE
CWE-20

Improper Input Validation