CVE-2016-8618: The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on…

[MEDIUM] Hitachi Energy MSM Product ## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs. ICS Advisory ## Hitachi Energy MSM Product Last RevisedAugust 30, 2022 Alert CodeICSA-22-242-03 ## 1. EXECUTIVE SUMMARY - CVSS v3 7.5 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Hitachi Energy - Equipment: MSM Product - Vulnerability: Reliance on Uncontrolled Component ## 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web interface, steal sensitive user credentials, or cause a denial-of-service condition. ## 3. TECHNICAL DETAILS ## 3.1 AFFECTED PRODUCTS Hitachi Energy reports multiple open-source softwar

CVE-2016-8618 [MEDIUM] CVE-2016-8618: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite CVE: CVE-2016-8618 Component: CVE-2016-8618

CVE-2016-7141 [HIGH] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and pa

CVE-2016-8618 [MEDIUM] CWE-416 curl: Double-free in curl_maprintf curl: Double-free in curl_maprintf The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Will not fix Package: curl (Red Hat Enterprise Linux 5) - Will not fix Package: curl (Red Hat Enterprise Linux 6) - Will not fix Package: curl (Red Hat Enterprise Linux 7) - Will not fix Package: min

CVE-2016-8618 [MEDIUM] CVE-2016-8618: curl - The libcurl API function called `curl_maprintf()` before version 7.51.0 can be t... The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. Scope: local bookworm: resolved (fixed in 7.51.0-1) bullseye: resolved (fixed in 7.51.0-1) forky: resolved (fixed in 7.51.0-1) sid: resolved (fixed in 7.51.0-1) trixie: resolved (fixed in 7.51.0-1)

CVE-2016-8618 [CRITICAL] CWE-415 GHSA-36jj-p27h-fh24: The libcurl API function called `curl_maprintf()` before version 7 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

CVE-2016-8618 [CRITICAL] CVE-2016-8618: The libcurl API function called `curl_maprintf()` before version 7 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

CVE-2016-7141 [HIGH] curl vulnerabilities curl vulnerabilities It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and passwords. A remote attacker with knowledge of a case-insensiti

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM cha

CVE-2016-8618 [MEDIUM] CVE-2016-8618 curl: Double-free in curl_maprintf CVE-2016-8618 curl: Double-free in curl_maprintf The libcurl API function called `curl_maprintf()` can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. The function is also used internallty in numerous situations. The function doubles an allocated memory area with realloc() and allows the size to wrap and become zero and when doing so realloc() returns NULL *and* frees the memory - in contrary to normal realloc() fails where it only returns NULL - causing libcurl to free the memory *again* in the error path. Systems with 64 bit versions of the `size_t` type are not affected by this issue. This behavior is triggable using the publicly exposed function. External References: https://curl.haxx.se/docs/adv_20161102D.

BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code Search : An Enhancement Framework Based on External Environment Semantics for Binary Code Search Yongpan Wang23, Hong Li231, Xiaojie Zhu4, Siyuan Li23, Chaopeng Dong23, Shouguo Yang5, Kangyuan Qin23 1Corresponding Author 2Institute of Information Engineering, Chinese Academy of Sciences, China 3School of Cyber Security, University of Chinese Academy of Sciences, China 4King Abdullah University of Science and Technology, Thuwal, Saudi Arabia 5Zhongguancun Laboratory, Beijing, China [email protected], \lihong, lisiyuan, dongchaopeng, qinkangyuan\@iie.ac.cn [email protected], [email protected] [0]BinEnhance [1]blue#1 \@IEEEpubidpullup6.5 Network and Distributed System Security (NDSS) Symposium 2025 24 - 28 February 2025, San Diego, CA, USA ISBN 979-8-9894372-8-3 https://dx.d