Daniel StenbergCVEs & Vulnerabilities

6 CVEs affecting Daniel Stenberg products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

curl 28c-ares 14dispair 2
CVE-2007-3152HIGH

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.

12 Jun 2007
7.5
CVSS
CVE-2007-3153MEDIUM

The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.

12 Jun 2007
5.0
CVSS
CVE-2006-1061HIGH

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

21 Mar 2006
7.5
CVSS
CVE-2005-4077MEDIUM

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

8 Dec 2005
4.6
CVSS
CVE-2002-1868CRITICALpoc

Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.

31 Dec 2002
10.0
CVSS
CVE-2000-0973CRITICALpoc

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

19 Dec 2000
10.0
CVSS
← PrevPage 1 / 1Next →