CVE-2016-4802
First published: Fri Jun 24 2016(Updated: )
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Curl | <=7.49.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4802?
CVE-2016-4802 is considered a medium severity vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2016-4802?
To fix CVE-2016-4802, upgrade cURL and libcurl to version 7.49.1 or later.
Who is affected by CVE-2016-4802?
Users of cURL and libcurl versions prior to 7.49.1, specifically those with SSPI or telnet enabled, are affected by CVE-2016-4802.
What types of attacks can CVE-2016-4802 enable?
CVE-2016-4802 can enable DLL hijacking attacks, allowing local users to execute arbitrary code.
When was CVE-2016-4802 announced?
CVE-2016-4802 was announced on May 30, 2016.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/haxx
- canonical/curl
- version/curl/7.49.0