Use-After-Free Vulnerability in curl Affects Multiple Versions
CVE-2016-8623

3.3LOW

Key Information:

Vendor

The Curl Project

Status
Curl
Vendor
CVE Published:
1 August 2018

What is CVE-2016-8623?

A flaw in curl, prior to version 7.51.0, allows multiple threads to interact with cookies improperly, leading to a use-after-free condition. This vulnerability can result in sensitive information exposure, posing a serious risk to applications relying on this library. Users and administrators are advised to update to a patched version to mitigate potential threats.

Affected Version(s)

curl 7.51.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT
https://curl.haxx.se/docs/adv_20161102I.html
x_refsource_CONFIRM

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8623 : Use-After-Free Vulnerability in curl Affects Multiple Versions