CVE-2016-8619 CRITICAL

Published: 2018-08-01 | Last Modified: 2026-06-17 | Status: Modified

Description

The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

Additional Descriptions (1)

La función "read_data()" en security.c en curl en versiones anteriores a la 7.51.0 es vulnerable a una doble liberación (double free) de memoria.

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-416
[email protected]	Primary	en CWE-415

Affected Products

Vendor	Product	Version	Update	Type
haxx	curl	*	<built-in method update of dict object at 0x72a9cd06f200>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:haxx:curl::::::::`

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: [email protected]

Patch
http://www.securityfocus.com/bid/94100
Source: [email protected]

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037192
Source: [email protected]

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2486
Source: [email protected]

Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3558
Source: [email protected]

Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619
Source: [email protected]

Issue Tracking Patch Third Party Advisory
https://curl.haxx.se/CVE-2016-8619.patch
Source: [email protected]

Patch Vendor Advisory
https://curl.haxx.se/docs/adv_20161102E.html
Source: [email protected]

Patch Vendor Advisory
https://security.gentoo.org/glsa/201701-47
Source: [email protected]

Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Source: [email protected]

Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: af854a3a-2127-422b-91ae-364da2661108

Patch
http://www.securityfocus.com/bid/94100
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037192
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2486
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3558
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619
Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Patch Third Party Advisory
https://curl.haxx.se/CVE-2016-8619.patch
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory
https://curl.haxx.se/docs/adv_20161102E.html
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory
https://security.gentoo.org/glsa/201701-47
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory