CVE-2016-8619: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

[MEDIUM] Hitachi Energy MSM Product ## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs. ICS Advisory ## Hitachi Energy MSM Product Last RevisedAugust 30, 2022 Alert CodeICSA-22-242-03 ## 1. EXECUTIVE SUMMARY - CVSS v3 7.5 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Hitachi Energy - Equipment: MSM Product - Vulnerability: Reliance on Uncontrolled Component ## 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web interface, steal sensitive user credentials, or cause a denial-of-service condition. ## 3. TECHNICAL DETAILS ## 3.1 AFFECTED PRODUCTS Hitachi Energy reports multiple open-source softwar

CVE-2016-8619 [MEDIUM] CVE-2016-8619: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite CVE: CVE-2016-8619 Component: CVE-2016-8619

CVE-2016-7141 [HIGH] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and pa

CVE-2016-8619 [MEDIUM] CWE-416 curl: Double-free in krb5 code curl: Double-free in krb5 code The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Will not fix Package: curl (Red Hat Enterprise Linux 5) - Will not fix Package: curl (Red Hat Enterprise Linux 6) - Will not fix Package: curl (Red Hat Enterprise Linux 7) - Will not fix Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix Package: curl (Red Hat JB

CVE-2016-8619 [MEDIUM] CVE-2016-8619: curl - The function `read_data()` in security.c in curl before version 7.51.0 is vulner... The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. Scope: local bookworm: resolved (fixed in 7.51.0-1) bullseye: resolved (fixed in 7.51.0-1) forky: resolved (fixed in 7.51.0-1) sid: resolved (fixed in 7.51.0-1) trixie: resolved (fixed in 7.51.0-1)

CVE-2016-8619 [CRITICAL] CWE-415 GHSA-86mc-c53c-6qpj: The function `read_data()` in security The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

CVE-2016-8619 [CRITICAL] CVE-2016-8619: The function `read_data()` in security The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

CVE-2016-7141 [HIGH] curl vulnerabilities curl vulnerabilities It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and passwords. A remote attacker with knowledge of a case-insensiti

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being

CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM cha

CVE-2016-8619 [MEDIUM] CVE-2016-8619 curl: Double-free in krb5 code CVE-2016-8619 curl: Double-free in krb5 code In curl's implementation of the Kerberos authentication mechanism, the function `read_data()` in security.c is used to fill the necessary krb5 structures. When reading one of the length fields from the socket, it fails to ensure that the length parameter passed to realloc() is not set to 0. This would lead to realloc() getting called with a zero size and when doing so realloc() returns NULL *and* frees the memory - in contrary to normal realloc() fails where it only returns NULL - causing libcurl to free the memory *again* in the error path. This flaw could be triggered by a malicious or just otherwise ill-behaving server. External References: https://curl.haxx.se/docs/adv_20161102E.html Discussion: Created attachment 1213775 Upstream pat