CVE-2016-0754

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-0754

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0754.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-0754

Aliases

CURL-CVE-2016-0754

Published

2016-01-29T20:59:04.780Z

Modified

2025-11-14T04:28:33.589139Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

References

http://curl.haxx.se/docs/adv_20160127B.html

Affected packages

Git / github.com/curl/curl

Affected ranges

Type: GIT
Repo: https://github.com/curl/curl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e2ae32ff5f3ab6f0819590f61f248f17df12987f

Affected versions

Other

before_ftp_statemachine

before_urldata_rename

curl-6_5

curl-6_5_1

curl-6_5_2

curl-7_10

curl-7_10_1

curl-7_10_2

curl-7_10_3

curl-7_10_4

curl-7_10_5

curl-7_10_6

curl-7_10_7

curl-7_10_8

curl-7_11_0

curl-7_11_1

curl-7_11_2

curl-7_12_0

curl-7_12_1

curl-7_12_2

curl-7_12_3

curl-7_13_0

curl-7_13_1

curl-7_13_2

curl-7_14_0

curl-7_14_1

curl-7_15_0

curl-7_15_1

curl-7_15_2

curl-7_15_3

curl-7_15_4

curl-7_15_5

curl-7_15_6-prepipeline

curl-7_16_0

curl-7_16_1

curl-7_16_2

curl-7_16_3

curl-7_16_4

curl-7_17_0

curl-7_17_0-preldapfix

curl-7_17_1

curl-7_18_0

curl-7_18_1

curl-7_18_2

curl-7_19_0

curl-7_19_1

curl-7_19_2

curl-7_19_3

curl-7_19_4

curl-7_19_5

curl-7_19_6

curl-7_19_7

curl-7_1_1

curl-7_2

curl-7_20_0

curl-7_20_1

curl-7_21_0

curl-7_21_1

curl-7_21_2

curl-7_21_3

curl-7_21_4

curl-7_21_5

curl-7_21_6

curl-7_21_7

curl-7_22_0

curl-7_23_0

curl-7_23_1

curl-7_24_0

curl-7_25_0

curl-7_26_0

curl-7_27_0

curl-7_28_0

curl-7_28_1

curl-7_29_0

curl-7_3

curl-7_30_0

curl-7_31_0

curl-7_32_0

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_4_1

curl-7_5

curl-7_5_2

curl-7_6

curl-7_6-pre4

curl-7_6_1

curl-7_6_1-pre1

curl-7_6_1-pre2

curl-7_6_1-pre3

curl-7_7

curl-7_7-beta1

curl-7_7-beta2

curl-7_7-beta3

curl-7_7-beta5

curl-7_7_1

curl-7_7_2

curl-7_7_3

curl-7_7_alpha2

curl-7_8

curl-7_8-pre2

curl-7_8_1

curl-7_8_1-pre3

curl-7_9

curl-7_9_1

curl-7_9_2

curl-7_9_3

curl-7_9_3-pre1

curl-7_9_3-pre2

curl-7_9_3-pre3

curl-7_9_4

curl-7_9_5

curl-7_9_5-pre2

curl-7_9_5-pre4

curl-7_9_6

curl-7_9_7

curl-7_9_7-pre2

curl-7_9_8

curl_7_6-pre3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0754.json"