CVE-2016-7167 — Integer Overflow or Wraparound in Libcurl
Severity
9.8CRITICALNVD
OSV7.5
EPSS
2.3%
top 15.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 7
Latest updateMay 14
Description
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages3 packages
Also affects: Fedora 23, 24, 25
🔴Vulnerability Details
4GHSA▶
GHSA-679j-c6m7-q7pr: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7↗2022-05-14
OSV▶
CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7↗2016-10-07
CVEList▶
CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7↗2016-10-07
📋Vendor Advisories
4💬Community
4Bugzilla
▶