CVE-2016-4802 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-4802 Interim 1 20 2025-04-13T23:12:25Z current 2021-05-30T13:42:29Z 2025-04-13T23:12:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-4802 Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Studio Onsite 1.3 curl libcurl-devel libcurl4 libcurl4-32bit curl as a component of SUSE Linux Enterprise Desktop 12 libcurl4 as a component of SUSE Linux Enterprise Desktop 12 libcurl4-32bit as a component of SUSE Linux Enterprise Desktop 12 curl as a component of SUSE Linux Enterprise Desktop 12 SP1 libcurl4 as a component of SUSE Linux Enterprise Desktop 12 SP1 libcurl4-32bit as a component of SUSE Linux Enterprise Desktop 12 SP1 curl as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata curl as a component of SUSE Linux Enterprise Server 11 SP2 LTSS curl as a component of SUSE Linux Enterprise Server 11 SP3 LTSS curl as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata curl as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libcurl4 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libcurl4-32bit as a component of SUSE Linux Enterprise Server 11 SP4-LTSS curl as a component of SUSE Linux Enterprise Server 12 libcurl4 as a component of SUSE Linux Enterprise Server 12 libcurl4-32bit as a component of SUSE Linux Enterprise Server 12 curl as a component of SUSE Linux Enterprise Server 12 SP1 libcurl4 as a component of SUSE Linux Enterprise Server 12 SP1 libcurl4-32bit as a component of SUSE Linux Enterprise Server 12 SP1 libcurl-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 curl as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libcurl-devel as a component of SUSE Linux Enterprise Software Development Kit 12 curl as a component of SUSE Linux Enterprise Software Development Kit 12 libcurl-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 curl as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libcurl-devel as a component of SUSE Studio Onsite 1.3 curl as a component of SUSE Studio Onsite 1.3 Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. CVE-2016-4802 SUSE Linux Enterprise Desktop 12 SP1:curl SUSE Linux Enterprise Desktop 12 SP1:libcurl4 SUSE Linux Enterprise Desktop 12 SP1:libcurl4-32bit SUSE Linux Enterprise Desktop 12:curl SUSE Linux Enterprise Desktop 12:libcurl4 SUSE Linux Enterprise Desktop 12:libcurl4-32bit SUSE Linux Enterprise Server 11 SP1 for Teradata:curl SUSE Linux Enterprise Server 11 SP2 LTSS:curl SUSE Linux Enterprise Server 11 SP3 LTSS:curl SUSE Linux Enterprise Server 11 SP3 for Teradata:curl SUSE Linux Enterprise Server 11 SP4-LTSS:curl SUSE Linux Enterprise Server 11 SP4-LTSS:libcurl4 SUSE Linux Enterprise Server 11 SP4-LTSS:libcurl4-32bit SUSE Linux Enterprise Server 12 SP1:curl SUSE Linux Enterprise Server 12 SP1:libcurl4 SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit SUSE Linux Enterprise Server 12:curl SUSE Linux Enterprise Server 12:libcurl4 SUSE Linux Enterprise Server 12:libcurl4-32bit SUSE Linux Enterprise Software Development Kit 11 SP4:curl SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel SUSE Linux Enterprise Software Development Kit 12 SP1:curl SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel SUSE Linux Enterprise Software Development Kit 12:curl SUSE Linux Enterprise Software Development Kit 12:libcurl-devel SUSE Studio Onsite 1.3:curl SUSE Studio Onsite 1.3:libcurl-devel important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H