Integer Overflow Vulnerability in Curl Affecting Versions Prior to 7.51.0
CVE-2016-8620

6.5MEDIUM

Key Information:

Vendor: The Curl Project
Status: Curl
Vendor: CVE Published:; 1 August 2018

What is CVE-2016-8620?

The 'globbing' feature in curl prior to version 7.51.0 is affected by a vulnerability that allows an integer overflow. This flaw can lead to an out-of-bounds read, enabling an attacker to manipulate user-controlled input and potentially compromise system security. It is essential for users of affected versions to upgrade to mitigate risks associated with this vulnerability.

Affected Version(s)

curl 7.51.0

References

http://www.securityfocus.com/bid/94102

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2018:3558

vendor-advisoryx_refsource_REDHAT

https://curl.haxx.se/docs/adv_20161102F.html

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2018
Vulnerability Reserved
Oct 12, 2016

The Curl Project

What is CVE-2016-8620?

Affected Version(s)

References

CVSS V3.1

Timeline