Vulnerability CVE-2016-8620: Information

Description

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-8620
Published: Aug. 1, 2018
Modified: Nov. 7, 2023
Error type identifier: CWE-125CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus7.51.0-alt18.7.1-alt2ALT-PU-2016-2231-1171758Fixed
curlp107.51.0-alt18.7.1-alt1ALT-PU-2016-2231-1171758Fixed
curlp97.51.0-alt17.79.0-alt2ALT-PU-2016-2231-1171758Fixed
curlp87.52.1-alt1.M80P.17.65.0-alt1ALT-PU-2016-2480-1175378Fixed
curlc10f17.51.0-alt18.6.0-alt1ALT-PU-2016-2231-1171758Fixed
curlc9f27.51.0-alt18.6.0-alt1ALT-PU-2016-2231-1171758Fixed
curlc77.56.1-alt1.M70C.1.17.56.1-alt1.M70C.1.1ALT-PU-2018-1442-1202075Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://curl.haxx.se/docs/adv_20161102F.html
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://www.tenable.com/security/tns-2016-21
  • Third Party Advisory
GLSA-201701-47
  • Third Party Advisory
1037192
  • Third Party Advisory
  • VDB Entry
94102
  • Third Party Advisory
  • VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  • Patch
RHSA-2018:3558
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
      End excliding
      7.51.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top