CVE-2016-8617 HIGH

Published: 2018-07-31 | Last Modified: 2026-06-17 | Status: Modified

Description

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.

Additional Descriptions (1)

La función de cifrado en base64 de curl en versiones anteriores a la 7.51.0 es propenso a que se subasigne un búfer en sistemas de 32 bits si recibe, al menos, 1Gb como entrada mediante "CURLOPT_USERNAME".

CVSS Metrics

Base Score: 4.4 (MEDIUM)

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector	LOCAL
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.4

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-787
[email protected]	Secondary	en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
haxx	curl	*	<built-in method update of dict object at 0x72a9b0905ac0>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:haxx:curl::::::::`

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: [email protected]
http://www.securityfocus.com/bid/94097
Source: [email protected]

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037192
Source: [email protected]

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2486
Source: [email protected]

Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3558
Source: [email protected]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617
Source: [email protected]

Issue Tracking Patch Third Party Advisory
https://curl.haxx.se/CVE-2016-8617.patch
Source: [email protected]

Patch Vendor Advisory
https://curl.haxx.se/docs/adv_20161102C.html
Source: [email protected]

Patch Vendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://security.gentoo.org/glsa/201701-47
Source: [email protected]

Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Source: [email protected]

Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/94097
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037192
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2486
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3558
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617
Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Patch Third Party Advisory
https://curl.haxx.se/CVE-2016-8617.patch
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory
https://curl.haxx.se/docs/adv_20161102C.html
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201701-47
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory