CVE-2016-5421

Published: 03 Aug 2016
Source: redhat
CVSS3: 8.1
CVSS2: 6.2
EPSS: Low

Description

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

A use-after-free flaw was found in libcurl. When curl_easy_perform() is invoked after a multi session has been cleaned up, an application can be tricked into using libcurl to connect to a malicious server, which could allow an attacker to execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity.

Statement

The versions of curl as shipped with Red Hat Enterprise Linux 5, 6, and 7 are marked as "Not affected" because they did not include the vulnerable code, which was introduced in a later version of the package. Specifically, the struct field affected by this flaw was introduced in curl upstream version 7.32.0. The version of curl as shipped with Red Hat Enterprise Linux 7 is 7.29.0.

Affected packages

Platform | Package | State | Advisory | Release date
.NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-curl | Out of support scope | - | -
.NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-curl | Out of support scope | - | -
.NET Core 2.0 on Red Hat Enterprise Linux | rh-dotnet20-curl | Out of support scope | - | -
.NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Will not fix | - | -
Red Hat Enterprise Linux 5 | curl | Not affected | - | -
Red Hat Enterprise Linux 6 | curl | Not affected | - | -
Red Hat Enterprise Linux 7 | curl | Not affected | - | -
Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | - | -
Red Hat JBoss Enterprise Web Server 3 | curl | Not affected | - | -
Red Hat Software Collections for Red Hat Enterprise Linux 6 | httpd24-curl | Fixed | RHSA-2018:3558 | 13.11.2018


Additional information

Status: Moderate
Weakness: CWE-416
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1362199 (curl: Use of connection struct after free)

EPSS: 0.01296 (percentile 79%), Low
CVSS3: 8.1 High
CVSS2: 6.2 Medium

Related vulnerabilities

CVSS3: 8.1 | ubuntu | more than 9 years ago

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVSS3: 8.1 | nvd | more than 9 years ago

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVSS3: 8.1 | debian | more than 9 years ago

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ...

CVSS3: 8.1 | github | more than 3 years ago

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

suse-cvrf | more than 9 years ago

Security update for curl

