CVE-2016-9586 HIGH

Published: 2018-04-23 | Last Modified: 2026-06-17 | Status: Modified

Description

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

Additional Descriptions (1)

curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de búfer cuando se realiza un envío de un gran puntero flotante en la implementación de libcurl de la función printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podría permitir ataques remotos.

CVSS Metrics

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-122
[email protected]	Secondary	en CWE-119

Affected Products

Vendor	Product	Version	Update	Type
haxx	curl	*	<built-in method update of dict object at 0x72a9ccf9dc80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:haxx:curl::::::::`

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: [email protected]
http://www.securityfocus.com/bid/95019
Source: [email protected]

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037515
Source: [email protected]

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3558
Source: [email protected]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586
Source: [email protected]

Issue Tracking Third Party Advisory
https://curl.haxx.se/docs/adv_20161221A.html
Source: [email protected]

Vendor Advisory
https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16
Source: [email protected]

Patch Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: [email protected]
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
Source: [email protected]
https://security.gentoo.org/glsa/201701-47
Source: [email protected]

Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/95019
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037515
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3558
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586
Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Third Party Advisory
https://curl.haxx.se/docs/adv_20161221A.html
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201701-47
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory