CVE-2016-8621 — Out-of-bounds Read in Curl

CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl THE Curl Project Curl

Timeline

PublishedJul 31

Latest updateMay 14

Description

The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDhaxx/curl< 7.51.0

▶Debianhaxx/curl< 7.51.0-1+3

▶CVEListV5the_curl_project/curl7.51.0

Patches

Patch: bugzilla.redhat.com ↗Patch: curl.haxx.se ↗Patch: curl.haxx.se ↗

🔴Vulnerability Details

GHSA

GHSA-h48j-q99p-f494: The `curl_getdate` function in curl before version 7↗2022-05-14

▶

CVEList

CVE-2016-8621: The `curl_getdate` function in curl before version 7↗2018-07-31

▶

OSV

CVE-2016-8621: The `curl_getdate` function in curl before version 7↗2018-07-31

▶

📋Vendor Advisories

Apple

CVE-2016-8621: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite↗2016-12-13

▶

Ubuntu

curl vulnerabilities↗2016-11-03

▶

Red Hat

curl: curl_getdate out-of-bounds read↗2016-11-02

▶

Debian

CVE-2016-8621: curl - The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an ou...↗2016

▶

💬Community

Bugzilla

CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7]↗2016-11-02

▶

Bugzilla

▶

Bugzilla

CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all]↗2016-11-02

▶

Bugzilla

CVE-2016-8621 curl: curl_getdate out-of-bounds read↗2016-10-25

▶