Out of Bounds Read Vulnerability in cURL Affecting Multiple Versions
CVE-2016-8621

5.3MEDIUM

Key Information:

Vendor: The Curl Project
Status: Curl
Vendor: CVE Published:; 31 July 2018

What is CVE-2016-8621?

The cURL library's curl_getdate function is susceptible to an out of bounds read vulnerability caused by improperly handling input that is one digit short of the expected format. Attackers can exploit this flaw to potentially access sensitive information or manipulate data retrieval processes. It is important for users and developers to be aware of this vulnerability and ensure that they are using versions of cURL that have been updated to patch this issue.

Affected Version(s)

curl 7.51.0

References

https://curl.haxx.se/docs/adv_20161102G.html

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:3558

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2018
Vulnerability Reserved
Oct 12, 2016

The Curl Project

What is CVE-2016-8621?

Affected Version(s)

References

CVSS V3.1

Timeline