Buffer Overflow Vulnerability in Curl Affecting Prior Versions
CVE-2016-9586

5.9MEDIUM

Key Information:

Vendor
Red Hat
Status
Curl
Vendor
CVE Published:
23 April 2018

Summary

An issue exists in versions of curl prior to 7.52.0 where a buffer overflow may occur during large floating point outputs in libcurl's printf() implementation. This vulnerability can be exploited in situations where an application accepts format strings from untrusted sources without adequate input validation, potentially allowing attackers to execute remote commands and compromise system integrity.

Affected Version(s)

curl curl 7.52.0

References

https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/11/msg0...
mailing-listx_refsource_MLIST
https://curl.haxx.se/docs/adv_20161221A.html
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.