Multiple vulnerabilities in curl library
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2019-002 | CVE-2015-3236 , CVE-2015-3237 , CVE-2016-8616 , CVE-2016-9594 , CVE-2017-2629 , CVE-2016-5419 , CVE-2016-5420 , CVE-2017-7468 , CVE-2016-8618 , CVE-2016-8619 , CVE-2016-9586 , CVE-2017-8816 , CVE-2017-8817 , CVE-2017-8818 , CVE-2017-1000101 , CVE-2018-16839 , CVE-2018-16842 , CVE-2018-1000120 , CVE-2018-1000121 , CVE-2018-1000122 , CVE-2018-1000300 , CVE-2016-7167 , CVE-2016-8622 , CVE-2017-1000254 , CVE-2018-16890 , CVE-2019-3822 , CVE-2016-0755 , CVE-2016-8615 , CVE-2016-8624 , CVE-2016-8625 , CVE-2016-5421 , CVE-2017-1000100 | 04/12/2019 | medium | v2 |
Vulnerability details
Multiple vulnerabilities in cURL library can lead to denial of service, arbitrary code execution or traffic inteception.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | medium | The SNS products embed a vulnerable version of the cURL library. |
Revisions
Version | Date | Description |
---|---|---|
v1 | Initial release | |
v2 | 08/27/2019 | Add FAST360 status |
Stormshield Network Security |
CVSS v2 Overall Score: 5.6 |
Analysis |
Impacted version |
Several vulnerabilities in cURL libraries allows: -Arbitrary code execution, or -Traffic interception, leading to update a SNS firewall with a rogue firmware |
|
Workaround solution |
Solution |
There is no workaround solution. |
The 3.7.4, 3.8.1 and 2.14 update fix this vulnerability. |
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Network | High | None | Complete | Complete | Complete |
CVSS Base score: 7.6 | CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) |
Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 5.6 | CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
Collateral Damage Potential | Target Distribution |
---|---|
None | High [76-100%] |
CVSS Environmental score: 5.6 | CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND) |