CVE-2016-8622

Опубликовано: 31 июл. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 3.7

Описание

The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

Релиз	Статус	Примечание
devel	released	7.50.1-1ubuntu2
esm-infra-legacy/trusty	released	7.35.0-1ubuntu2.10
esm-infra/xenial	released	7.47.0-1ubuntu2.2
precise	released	7.22.0-3ubuntu4.17
precise/esm	not-affected	7.22.0-3ubuntu4.17
trusty	released	7.35.0-1ubuntu2.10
trusty/esm	released	7.35.0-1ubuntu2.10
upstream	released	7.51.0
vivid/stable-phone-overlay	ignored	end of life
vivid/ubuntu-core	released	7.38.0-3ubuntu2.4

Показывать по

Ссылки на источники

7.5 High

CVSS2

3.7 Low

CVSS3

Связанные уязвимости

CVE-2016-8622

CVSS3: 3.7

redhat

около 9 лет назад

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

CVE-2016-8622

CVSS3: 3.7

nvd

больше 7 лет назад

CVE-2016-8622

CVSS3: 3.7

debian

больше 7 лет назад

The URL percent-encoding decode function in libcurl before 7.51.0 is c ...

GHSA-xfmx-53v5-938g

CVSS3: 9.8

github

больше 3 лет назад

openSUSE-SU-2016:2768-1

suse-cvrf

почти 9 лет назад

Security update for curl

7.5 High

CVSS2

3.7 Low

CVSS3

CVE-2016-8622

Описание

Пакет curl

Ссылки на источники

Связанные уязвимости