CVE-2016-9594

Опубликовано: 23 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.

Ссылки

http://www.securityfocus.com/bid/95094
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037528
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594
Issue Tracking
Third Party Advisory
https://curl.haxx.se/docs/adv_20161223.html
Vendor Advisory
https://security.gentoo.org/glsa/201701-47
Third Party Advisory
https://www.tenable.com/security/tns-2017-04
Third Party Advisory
http://www.securityfocus.com/bid/95094
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037528
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594
Issue Tracking
Third Party Advisory
https://curl.haxx.se/docs/adv_20161223.html
Vendor Advisory
https://security.gentoo.org/glsa/201701-47
Third Party Advisory
https://www.tenable.com/security/tns-2017-04
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Версия до 7.52.1 (исключая)

EPSS

Процентиль: 77%

0.01088

Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-665

Связанные уязвимости

CVE-2016-9594

CVSS3: 6.5

ubuntu

почти 8 лет назад

CVE-2016-9594

CVSS3: 6.5

redhat

около 9 лет назад

CVE-2016-9594

CVSS3: 6.5

debian

почти 8 лет назад

curl before version 7.52.1 is vulnerable to an uninitialized random in ...

GHSA-qq6c-xrmh-q72x

CVSS3: 8.1

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01088

Низкий

6.5 Medium

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-665