Back to search
CVE-2016-7167
Published: Oct 7, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2016-80f4f71eff
vendor-advisory
x_refsource_FEDORA
SSA:2016-259-01
vendor-advisory
x_refsource_SLACKWARE
RHSA-2018:3558
vendor-advisory
x_refsource_REDHAT
FEDORA-2016-08533fc59c
vendor-advisory
x_refsource_FEDORA
92975
vdb-entry
x_refsource_BID
[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update
mailing-list
x_refsource_MLIST
1036813
vdb-entry
x_refsource_SECTRACK
https://curl.haxx.se/docs/adv_20160914.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
RHSA-2017:2016
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2486
vendor-advisory
x_refsource_REDHAT
GLSA-201701-47
vendor-advisory
x_refsource_GENTOO
FEDORA-2016-7a2ed52d41
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now