Double-Free Vulnerability in libcurl API Function Affecting Multiple Versions
CVE-2016-8618

5.3MEDIUM

Key Information:

Vendor

The Curl Project

Status
Curl
Vendor
CVE Published:
31 July 2018

What is CVE-2016-8618?

The libcurl API function curl_maprintf() prior to version 7.51.0 is susceptible to a double-free vulnerability. This issue arises from an unsafe multiplication involving size_t, particularly affecting systems that utilize 32-bit size_t variables. If exploited, this vulnerability could allow malicious actors to manipulate memory, potentially leading to application crashes and the execution of arbitrary code. Users of affected versions are advised to update to the latest version to mitigate this risk.

Affected Version(s)

curl 7.51.0

References

https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618
x_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-21
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.