Dan Fandrich

**Nome do software vulnerável e versões afetadas** Versões do cURL (versões afetadas não especificadas) **Descrição** O problema está relacionado a um erro na lógica de remoção de protocolos quando uma opção de parâmetro de seleção de protocolo desativa todos os protocolos sem adicionar nenhum. Isso permite que o conjunto padrão de protocolos permaneça no conjunto permitido. A falha pode ser demonstrada com o comando `curl --proto -all,-http http://curl.se`, que realiza uma solicitação ao curl.se com um protocolo de texto simples que foi explicitamente desativado. A equipe de segurança do curl classificou isso como um bug de baixa gravidade, observando que é improvável que ocorra em situações reais devido ao seu caso de uso impraticável. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** libjpeg in exif version 0.6.20 libexif versions prior to 0.6.21 **Description** The issue is related to an integer overflow in the `jpeg data load data` function, which can be exploited by remote attackers using a crafted JPEG file. This can lead to a denial of service, causing a buffer over-read and application crash, or potentially allow attackers to obtain sensitive information. Multiple vulnerabilities in the libexif package can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely. **Recommendations** For libjpeg in exif version 0.6.20, update to version 0.6.21 or later to resolve the issue. For libexif versions prior to 0.6.21, update to version 0.6.21 or later to address the vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** curl versions prior to 7.24.0 **Description** The issue concerns the improper handling of special characters during pathname extraction from URLs, allowing remote attackers to conduct data-injection attacks. This can be exploited through crafted URLs, potentially affecting protocols such as IMAP, POP3, and SMTP. The vulnerability can lead to data injection attacks, including CRLF injection, which may result in unintended actions, such as deleting messages or sending unintended emails. **Recommendations** For versions prior to 7.24.0, update to version 7.24.0 or later to resolve the issue. As a temporary workaround, consider restricting user input for URLs to prevent maliciously crafted URLs from being processed. Additionally, restrict access to vulnerable protocols such as IMAP, POP3, and SMTP until the update is applied.

**Name of the Vulnerable Software and Affected Versions** curl versions 7.20.0 through 7.21.1 **Description** The issue allows remote servers to create or overwrite arbitrary files by using a backslash as a separator of path components within the Content-disposition HTTP header when the --remote-header-name or -J option is used. This is possible because curl attempts to cut off directory parts from filenames in the header but did not account for backslashes, which are used as directory separators in some operating systems, including Windows, Netware, MSDOS, OS/2, and Symbian. This could potentially allow a rogue server to overwrite system files, commands, or known executables. **Recommendations** For curl versions 7.20.0 through 7.21.1, consider disabling the use of the --remote-header-name or -J option until a patch is available to prevent potential file overwrites. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the `Content-disposition` header with backslashes in filenames to prevent potential security issues.

**Name of the Vulnerable Software and Affected Versions** libexif versions prior to 0.6.21 **Description** The issue involves multiple vulnerabilities in the libexif package that can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer underflow in the `exif entry get value` function in `exif-entry.c` might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. **Recommendations** For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the `exif entry get value` function until a patch is available. Avoid using crafted buffer-size parameters in the affected EXIF tag formatting until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** libexif versions prior to 0.6.21 **Description** The issue is related to multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an off-by-one error in the `exif convert utf16 to utf8` function in `exif-entry.c` allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. **Recommendations** For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider disabling the `exif convert utf16 to utf8` function until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation. Avoid using crafted EXIF tags in images until the issue is resolved.