Arbitrary code execution in curl (Alpine package)

1) Arbitrary code execution

EUVDB-ID: #VU655

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7167

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability exposes a remote user's possibility to cause arbitrary code execution on the target system.
The weakness exists due to integer overflow. Using of specially crafted length parameter value to certain libcurl functions allows attackers to obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

curl (Alpine package): 7.49.1-r2

External links

http://git.alpinelinux.org/aports/commit/?id=e57c1f8b95e9a6aecc75e9eaae6c7bf9e259adb6
http://git.alpinelinux.org/aports/commit/?id=7079fe21530ae1c8147925d8b591131b786ab2e9
http://git.alpinelinux.org/aports/commit/?id=619d9f8608068fab555a9a54e6154eb798eb5c2c
http://git.alpinelinux.org/aports/commit/?id=39696e7a1a7079578ea07cb9514fd0c50105340e
http://git.alpinelinux.org/aports/commit/?id=f22b822c0b536c5d5ffacb88a915a530c1fdffaf
http://git.alpinelinux.org/aports/commit/?id=31e2b838a9c0851c9c0ca1ea2d71044dabcc9568
http://git.alpinelinux.org/aports/commit/?id=78f4b0171cfeabf10f44073dcb1fda9947daea66
http://git.alpinelinux.org/aports/commit/?id=0b5317d5717ad95fbe3c5737438b3f62f5457f61
http://git.alpinelinux.org/aports/commit/?id=1e2ca865be78518b4c0964d5d556b96b41de0de0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.