Arbitrary code execution in libcurl - CVE-2016-7167
Published: September 23, 2016
Vulnerability identifier: #VU655
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7167
CWE-ID: CWE-191
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: curl.haxx.se
Affected software:
libcurl
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow. Passing a specially crafted length parameter value to certain libcurl functions allows an attacker to obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
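The advisory does not name the affected libcurl functions, so the following is an added, constructed example rather than libcurl code: it models an escape-style routine whose output buffer is sized from a caller-supplied int length (the assumed worst-case expansion of 3 output bytes per input byte plus a terminator is an assumption made for the illustration). It shows how a negative or very large length wraps the naive size computation, and the check a caller or library should apply before any such arithmetic reaches an allocator.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a function that sizes its output buffer from an
 * int length supplied by the caller. Not libcurl code; the expansion
 * factor (3 bytes per input byte + NUL) is an assumption for this example. */

/* Computes the allocation size for `length` input bytes.
 * Returns false (and leaves *out untouched) when `length` is negative or
 * when length*3+1 would not fit in size_t, so no wrapped value is ever
 * handed to malloc(). */
bool escape_alloc_size(int length, size_t *out) {
    if (length < 0)
        return false;                      /* negative length: reject */
    size_t n = (size_t)length;
    if (n > (SIZE_MAX - 1) / 3)
        return false;                      /* n*3+1 would wrap */
    *out = n * 3 + 1;
    return true;
}

/* The unchecked arithmetic, performed in 32-bit unsigned so the wrap is
 * defined behaviour for demonstration. Feeding INT_MAX or a negative value
 * yields a size far smaller than the data that will later be written. */
unsigned int naive_alloc_size(int length) {
    return (unsigned int)length * 3u + 1u;
}

/* Percent-escapes `length` bytes of `in` into a freshly allocated string.
 * Returns NULL instead of allocating when the length fails validation. */
char *safe_escape(const char *in, int length) {
    size_t need;
    if (!escape_alloc_size(length, &need))
        return NULL;
    char *out = malloc(need);
    if (!out)
        return NULL;
    size_t o = 0;
    for (size_t i = 0; i < (size_t)length; i++) {
        unsigned char c = (unsigned char)in[i];
        bool unreserved = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                          (c >= 'a' && c <= 'z') || c == '-' || c == '.' ||
                          c == '_' || c == '~';
        if (unreserved) {
            out[o++] = (char)c;
        } else {
            /* 4 bytes of room: "%XX" plus the NUL snprintf writes */
            o += (size_t)snprintf(out + o, 4, "%%%02X", c);
        }
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    size_t need;
    printf("naive size for INT_MAX: %u (wrapped)\n", naive_alloc_size(INT_MAX));
    printf("naive size for -1: %u (wrapped)\n", naive_alloc_size(-1));
    printf("checked size for -1 accepted: %s\n",
           escape_alloc_size(-1, &need) ? "yes" : "no");
    char *e = safe_escape("a b", 3);      /* constructed input */
    printf("safe_escape(\"a b\") = %s\n", e ? e : "(null)");
    free(e);
    return 0;
}
```

The point for defenders is that the validation happens on the raw int before it is widened or multiplied; once the value has wrapped, no later bounds check can recover the intended size.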
How to mitigate CVE-2016-7167
Update libcurl to version 7.50.3.