Attack Complexity Low
EPSS 0.64% (77th percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN11-CURL-530052
- published 27 Jun 2018
- disclosed 1 Aug 2018
Introduced: 27 Jun 2018CVE-2016-8625 Open this link in a new tab
CWE-20 Open this link in a new tab
How to fix?
curl to version 7.51.0-1 or higher.
Note: Versions mentioned in the description apply only to the upstream
curl package and not the
curl package as distributed by
How to fix? for
Debian:11 relevant fixed versions and status.
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.