Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7167

Опубликовано: 14 сент. 2016
Источник: redhat
CVSS3: 2.9
CVSS2: 4.3
EPSS Низкий

Описание

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 1.0 on Red Hat Enterprise Linuxrh-dotnetcore10-curlOut of support scope
.NET Core 1.1 on Red Hat Enterprise Linuxrh-dotnetcore11-curlOut of support scope
.NET Core 2.0 on Red Hat Enterprise Linuxrh-dotnet20-curlOut of support scope
.NET Core 2.1 on Red Hat Enterprise Linuxrh-dotnet21-curlWill not fix
Red Hat Enterprise Linux 5curlWill not fix
Red Hat Enterprise Linux 6curlWill not fix
Red Hat Enterprise Virtualization 3mingw-virt-viewerWill not fix
Red Hat Enterprise Linux 7curlFixedRHSA-2017:201601.08.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6httpd24-curlFixedRHSA-2018:355813.11.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6httpd24-httpdFixedRHSA-2018:355813.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1375906curl: escape and unescape integer overflows

EPSS

Процентиль: 86%
0.02852
Низкий

2.9 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7167

CVSS3: 9.8
ubuntu
больше 9 лет назад

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

nvd логотип

CVE-2016-7167

CVSS3: 9.8
nvd
больше 9 лет назад

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

debian логотип

CVE-2016-7167

CVSS3: 9.8
debian
больше 9 лет назад

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escap ...

github логотип

GHSA-679j-c6m7-q7pr

CVSS3: 9.8
github
больше 3 лет назад

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

oracle-oval логотип

ELSA-2017-2016

oracle-oval
больше 8 лет назад

ELSA-2017-2016: curl security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 86%
0.02852
Низкий

2.9 Low

CVSS3

4.3 Medium

CVSS2