VDB

ALPINE-CVE-2016-8625

ALPINE-CVE-2016-8625 PUBLISHED CVSS 7.5 HIGH

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.8curl0, 7.19.2-r0, 7.19.4-r0
Alpine:v3.14curl7.27.0-r0, 7.35.0-r0, 7.36.0-r0
Alpine:v3.12curl0, 7.19.2-r1, 7.19.4-r0
Alpine:v3.9curl7.50.3-r1, 0, 7.19.2-r0
Alpine:v3.17curl7.34.0-r1, 7.35.0-r0, 7.36.0-r0
Alpine:v3.7curl7.21.3-r0, 7.19.2-r1, 7.19.5-r0
Alpine:v3.13curl0, 7.35.0-r0, 7.36.0-r0
Alpine:v3.16curl7.45.0-r0, 0, 7.19.2-r0
Alpine:v3.5curl7.37.0-r0, 7.35.0-r0, 7.34.0-r1
Alpine:v3.19curl0, 7.19.2-r0, 7.19.2-r1
Alpine:v3.18curl7.38.0-r0, 0, 7.50.3-r1
Alpine:v3.6curl7.50.3-r1, 0, 0
Alpine:v3.21curl0, 7.19.2-r0, 7.19.2-r1
Alpine:v3.22curl7.20.1-r1, 0, 7.19.2-r1
Alpine:v3.10curl0, 7.50.3-r1, 7.50.3-r0
Alpine:v3.15curl7.49.0-r0, 7.19.2-r0, 7.19.2-r1
Alpine:v3.24curl0
Alpine:v3.4curl7.19.6-r0, 7.19.7-r1, 7.20.1-r1
Alpine:v3.20curl7.21.5-r1, 7.21.7-r0, 7.21.3-r1
Alpine:v3.11curl0, 0, 7.50.3-r1

…and 1 more

Exploit Intelligence

Timeline

  • Aug 1, 2018 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›