ID CVE-2016-7167
Summary Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 13-11-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, as the size of a memory allocation, or similar. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past its maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1420327
    title CURL 7.29 cannot connect to FTPS using proxytunnel
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment curl is earlier than 0:7.29.0-42.el7
            oval oval:com.redhat.rhsa:tst:20172016001
          • comment curl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918012
        • AND
          • comment libcurl is earlier than 0:7.29.0-42.el7
            oval oval:com.redhat.rhsa:tst:20172016003
          • comment libcurl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918014
        • AND
          • comment libcurl-devel is earlier than 0:7.29.0-42.el7
            oval oval:com.redhat.rhsa:tst:20172016005
          • comment libcurl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110918016
    rhsa
    id RHSA-2017:2016
    released 2017-08-01
    severity Moderate
    title RHSA-2017:2016: curl security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2018:2486
  • rhsa
    id RHSA-2018:3558
rpms
  • curl-0:7.29.0-42.el7
  • curl-debuginfo-0:7.29.0-42.el7
  • libcurl-0:7.29.0-42.el7
  • libcurl-devel-0:7.29.0-42.el7
  • httpd24-curl-0:7.61.1-1.el6
  • httpd24-curl-0:7.61.1-1.el7
  • httpd24-curl-debuginfo-0:7.61.1-1.el6
  • httpd24-curl-debuginfo-0:7.61.1-1.el7
  • httpd24-httpd-0:2.4.34-7.el6
  • httpd24-httpd-0:2.4.34-7.el7
  • httpd24-httpd-debuginfo-0:2.4.34-7.el6
  • httpd24-httpd-debuginfo-0:2.4.34-7.el7
  • httpd24-httpd-devel-0:2.4.34-7.el6
  • httpd24-httpd-devel-0:2.4.34-7.el7
  • httpd24-httpd-manual-0:2.4.34-7.el6
  • httpd24-httpd-manual-0:2.4.34-7.el7
  • httpd24-httpd-tools-0:2.4.34-7.el6
  • httpd24-httpd-tools-0:2.4.34-7.el7
  • httpd24-libcurl-0:7.61.1-1.el6
  • httpd24-libcurl-0:7.61.1-1.el7
  • httpd24-libcurl-devel-0:7.61.1-1.el6
  • httpd24-libcurl-devel-0:7.61.1-1.el7
  • httpd24-libnghttp2-0:1.7.1-7.el6
  • httpd24-libnghttp2-0:1.7.1-7.el7
  • httpd24-libnghttp2-devel-0:1.7.1-7.el6
  • httpd24-libnghttp2-devel-0:1.7.1-7.el7
  • httpd24-mod_ldap-0:2.4.34-7.el6
  • httpd24-mod_ldap-0:2.4.34-7.el7
  • httpd24-mod_md-0:2.4.34-7.el7
  • httpd24-mod_proxy_html-1:2.4.34-7.el6
  • httpd24-mod_proxy_html-1:2.4.34-7.el7
  • httpd24-mod_session-0:2.4.34-7.el6
  • httpd24-mod_session-0:2.4.34-7.el7
  • httpd24-mod_ssl-1:2.4.34-7.el6
  • httpd24-mod_ssl-1:2.4.34-7.el7
  • httpd24-nghttp2-0:1.7.1-7.el6
  • httpd24-nghttp2-0:1.7.1-7.el7
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el6
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el7
refmap via4
bid 92975
confirm
fedora
  • FEDORA-2016-08533fc59c
  • FEDORA-2016-7a2ed52d41
  • FEDORA-2016-80f4f71eff
gentoo GLSA-201701-47
mlist [debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update
sectrack 1036813
slackware SSA:2016-259-01
Last major update 13-11-2018 - 11:29
Published 07-10-2016 - 14:59
Last modified 13-11-2018 - 11:29