Double-Free Vulnerability in libcurl API Function Affecting Multiple Versions
CVE-2016-8618

5.3 MEDIUM

Key Information:

CVE Published: 31 July 2018

What is CVE-2016-8618?

The libcurl API function curl_maprintf() prior to version 7.51.0 is susceptible to a double-free vulnerability. This issue arises from an unsafe multiplication involving size_t, particularly affecting systems that utilize 32-bit size_t variables. If exploited, this vulnerability could allow malicious actors to manipulate memory, potentially leading to application crashes and the execution of arbitrary code. Users of affected versions are advised to update to the latest version to mitigate this risk.

Affected Version(s)

curl 7.51.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
