Buffer Overflow Vulnerability in Curl Affecting Prior Versions
CVE-2016-9586
5.9MEDIUM
Summary
An issue exists in versions of curl prior to 7.52.0 where a buffer overflow may occur during large floating point outputs in libcurl's printf() implementation. This vulnerability can be exploited in situations where an application accepts format strings from untrusted sources without adequate input validation, potentially allowing attackers to execute remote commands and compromise system integrity.
Affected Version(s)
curl curl 7.52.0
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved