vulnerability

Ubuntu: USN-3123-1 (CVE-2016-8624): curl vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Nov 3, 2016

Added

Nov 3, 2016

Modified

Mar 27, 2026

Description

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.

Solutions

ubuntu-upgrade-libcurl3ubuntu-upgrade-libcurl3-gnutlsubuntu-upgrade-libcurl3-nss

References

CVE-2016-8624
https://attackerkb.com/topics/CVE-2016-8624
CWE-20
DEBIAN-DLA-711-1
DEBIAN-DSA-3705
EUVD-EUVD-2016-9469
NVD-CVE-2016-8624
UBUNTU-USN-3123-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-9469

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report