VDB
ALPINE-CVE-2016-8625
ALPINE-CVE-2016-8625
PUBLISHED
CVSS 7.5 HIGH
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.8 | curl | 0, 7.19.2-r0, 7.19.4-r0 |
| Alpine:v3.14 | curl | 7.27.0-r0, 7.35.0-r0, 7.36.0-r0 |
| Alpine:v3.12 | curl | 0, 7.19.2-r1, 7.19.4-r0 |
| Alpine:v3.9 | curl | 7.50.3-r1, 0, 7.19.2-r0 |
| Alpine:v3.17 | curl | 7.34.0-r1, 7.35.0-r0, 7.36.0-r0 |
| Alpine:v3.7 | curl | 7.21.3-r0, 7.19.2-r1, 7.19.5-r0 |
| Alpine:v3.13 | curl | 0, 7.35.0-r0, 7.36.0-r0 |
| Alpine:v3.16 | curl | 7.45.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.5 | curl | 7.37.0-r0, 7.35.0-r0, 7.34.0-r1 |
| Alpine:v3.19 | curl | 0, 7.19.2-r0, 7.19.2-r1 |
| Alpine:v3.18 | curl | 7.38.0-r0, 0, 7.50.3-r1 |
| Alpine:v3.6 | curl | 7.50.3-r1, 0, 0 |
| Alpine:v3.21 | curl | 0, 7.19.2-r0, 7.19.2-r1 |
| Alpine:v3.22 | curl | 7.20.1-r1, 0, 7.19.2-r1 |
| Alpine:v3.10 | curl | 0, 7.50.3-r1, 7.50.3-r0 |
| Alpine:v3.15 | curl | 7.49.0-r0, 7.19.2-r0, 7.19.2-r1 |
| Alpine:v3.24 | curl | 0 |
| Alpine:v3.4 | curl | 7.19.6-r0, 7.19.7-r1, 7.20.1-r1 |
| Alpine:v3.20 | curl | 7.21.5-r1, 7.21.7-r0, 7.21.3-r1 |
| Alpine:v3.11 | curl | 0, 0, 7.50.3-r1 |
…and 1 more
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Aug 1, 2018 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated