Vulnerability in Haxx Curl

CVE-2016-4802

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or with telnet enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll… The issue is specific to Windows builds: the affected code loads system DLLs by bare file name, so the Windows DLL search order can resolve that name to an attacker-planted file in the application directory or the current working directory before the genuine copy in the system directory is found. A local user who can write to either location gains code execution in the process that loads curl or libcurl.
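The following C is an added example, not text from this advisory and not curl's own source. It places the vulnerable load pattern beside the usual hardening: never let the loader search, either by passing LOAD_LIBRARY_SEARCH_SYSTEM32 or, on loaders that predate that flag, by building an absolute path into the system directory and refusing names that are not bare file names. The function names, the constructed "C:\Windows\System32" string and the use of security.dll as the only DLL name are assumptions for illustration; the Windows API calls (LoadLibraryA, LoadLibraryExA, GetSystemDirectoryA) are real, and the path-building helper compiles and runs on any platform.

```c
/*
 * Added example for the CVE-2016-4802 bug class (not curl's code).
 *
 * LoadLibrary("security.dll") asks Windows to walk its default DLL search
 * order, which starts with the application directory and, in the legacy
 * order, the current working directory. Anyone who can drop a file of that
 * name in either place gets code execution in the process. The hardening is
 * to remove the search entirely: restrict the loader to System32, or hand it
 * an absolute path.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Build "<sysdir>\<name>" into out. Returns 0 on success, -1 if name is
 * empty, contains a path separator or drive colon (so "..\\evil.dll" can
 * never escape sysdir), or would not fit. sysdir is assumed to carry no
 * trailing backslash. */
int build_system_dll_path(const char *sysdir, const char *name,
                          char *out, size_t outlen)
{
    size_t dlen, nlen;

    if (!sysdir || !name || !out || outlen == 0)
        return -1;
    if (name[0] == '\0' || strchr(name, '\\') || strchr(name, '/') ||
        strchr(name, ':'))
        return -1;

    dlen = strlen(sysdir);
    nlen = strlen(name);
    if (dlen + 1 + nlen + 1 > outlen)
        return -1;

    memcpy(out, sysdir, dlen);
    out[dlen] = '\\';
    memcpy(out + dlen + 1, name, nlen + 1);
    return 0;
}

/* Convenience wrapper returning a static buffer, or NULL on rejection. */
const char *system_dll_path(const char *sysdir, const char *name)
{
    static char full[260];
    return build_system_dll_path(sysdir, name, full, sizeof(full)) == 0
               ? full : NULL;
}

#ifdef _WIN32
/* VULNERABLE: bare name, default search order (app dir, CWD, ...). */
HMODULE load_dll_vulnerable(const char *name)
{
    return LoadLibraryA(name);
}

/* HARDENED: only %SystemRoot%\System32 is ever consulted. */
HMODULE load_dll_hardened(const char *name)
{
    char sysdir[MAX_PATH], full[MAX_PATH];
    UINT n;

    /* Loaders that know the flag (Windows 8+, or Vista/7 with the
     * KB2533623 update) do the restriction themselves. */
    HMODULE h = LoadLibraryExA(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (h)
        return h;
    /* Anything other than "flag not supported" is a real failure, for
     * example the DLL not existing in System32: do not fall back to a search. */
    if (GetLastError() != ERROR_INVALID_PARAMETER)
        return NULL;

    /* Older loaders: an absolute path means no search order is applied. */
    n = GetSystemDirectoryA(sysdir, sizeof(sysdir));
    if (n == 0 || n >= sizeof(sysdir))
        return NULL;
    if (build_system_dll_path(sysdir, name, full, sizeof(full)) != 0)
        return NULL;
    return LoadLibraryA(full);
}
#endif

int main(void)
{
    /* Constructed input: the directory a Windows host would report. */
    const char *ok = system_dll_path("C:\\Windows\\System32", "security.dll");
    const char *bad = system_dll_path("C:\\Windows\\System32", "..\\security.dll");
    printf("would load: %s\n", ok ? ok : "(rejected)");
    printf("traversal attempt: %s\n", bad ? bad : "(rejected)");
#ifdef _WIN32
    {
        HMODULE h = load_dll_hardened("security.dll");
        printf("hardened load %s\n", h ? "succeeded" : "failed");
        if (h)
            FreeLibrary(h);
    }
#endif
    return 0;
}
```

The hardened loader deliberately treats "not found in System32" as a failure rather than retrying with a plain LoadLibrary; a fallback to the default search order would reopen exactly the hole the CVE describes.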

EPSS: 0.006 (70.2nd percentile).

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • cURL and libcurl before 7.49.1 (Windows builds with SSPI or telnet enabled); fixed in 7.49.1

Weakness classification (CWE)

  • CWE-264: Permissions, Privileges, and Access Controls

Public proof-of-concept exploits

  • 4 public proof-of-concept repositories are indexed for this CVE; none is listed on this page.
References

  • SecurityTracker 1036008 (vdb-entry, x_refsource_SECTRACK)
  • curl vendor advisory (x_refsource_CONFIRM, Vendor Advisory)
  • Bugtraq ID 90997 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-4802?
CVE-2016-4802 is a high-severity vulnerability in Haxx Curl, classified under CWE-264. CVSS score: 7.8/10. Published 2016-06-24.
How severe is CVE-2016-4802?
High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2016-4802 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.