Integer Overflow Vulnerability in Curl Affecting Versions Prior to 7.51.0
CVE-2016-8620

6.5MEDIUM

Key Information:

Vendor

The Curl Project

Status
Curl
Vendor
CVE Published:
1 August 2018

What is CVE-2016-8620?

The 'globbing' feature in curl prior to version 7.51.0 is affected by a vulnerability that allows an integer overflow. This flaw can lead to an out-of-bounds read, enabling an attacker to manipulate user-controlled input and potentially compromise system security. It is essential for users of affected versions to upgrade to mitigate risks associated with this vulnerability.

Affected Version(s)

curl 7.51.0

References

http://www.securityfocus.com/bid/94102
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT
https://curl.haxx.se/docs/adv_20161102F.html
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.