Out-of-Bounds in curl

Do your applications use this vulnerable package? Test your applications

Overview

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

References

CONFIRM
CVE Details
Debian Security Announcement
Debian Security Tracker
Gentoo Security Advisory
GitHub Commit
Oracle Security Advisory
RHSA Security Advisory
RedHat Bugzilla Bug
Security Focus
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2016-9586
CWE: CWE-119 CWE-122
Snyk ID: SNYK-DEBIAN8-CURL-358896
Disclosed: 23 Apr, 2018
Published: 23 Apr, 2018

Out-of-Bounds
Affecting curl package, versions <7.38.0-4+deb8u13

Overview

References

CVSS Score

Out-of-Bounds Affecting curl package, versions <7.38.0-4+deb8u13

Overview

References

Out-of-Bounds
Affecting curl package, versions <7.38.0-4+deb8u13