#VU655 Arbitrary code execution in libcurl - CVE-2016-7167
Published: September 23, 2016
Vulnerability identifier: #VU655
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7167
CWE-ID: CWE-191
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
libcurl
Software vendor:
curl.haxx.se
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow. Passing a specially crafted length parameter value to certain libcurl functions allows attackers to obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Remediation
Update to 7.50.3.