Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-8622 |
CWE-ID | CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU33021
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8622
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
MitigationInstall update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.49.1-r3
External linkshttp://git.alpinelinux.org/aports/commit/?id=7079fe21530ae1c8147925d8b591131b786ab2e9
http://git.alpinelinux.org/aports/commit/?id=619d9f8608068fab555a9a54e6154eb798eb5c2c
http://git.alpinelinux.org/aports/commit/?id=ba3dc3d210189d8b88c35c3b6850f54f8041f3fa
http://git.alpinelinux.org/aports/commit/?id=4cbdd0cf8c1d0c855e0d3cfb56ef02aa19716a01
http://git.alpinelinux.org/aports/commit/?id=41621bfa2c8cbc7303191ddefd9ccaa650d8b359
http://git.alpinelinux.org/aports/commit/?id=ffe6b82496f728d1d75dae4030047c6ff48a9c5a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.