Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-8622 |
CWE-ID | CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
libcurl Universal components / Libraries / Libraries used by multiple products |
Vendor | curl.haxx.se |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU33021
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8622
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
MitigationInstall update from vendor's website.
Vulnerable software versionslibcurl: 7.4 - 7.50.3
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/94105
http://www.securitytracker.com/id/1037192
http://access.redhat.com/errata/RHSA-2018:2486
http://access.redhat.com/errata/RHSA-2018:3558
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622
http://curl.haxx.se/docs/adv_20161102H.html
http://security.gentoo.org/glsa/201701-47
http://www.tenable.com/security/tns-2016-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.