CVE-2016-9594
published 2018-04-23CVE-2016-9594: curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or…
PriorityP339high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
2.67%
83.8th percentile
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.6_security_update_2017-003_el_capitan_and_security_update_201 | — | — |
| debian | curl | — | — |
| haxx | curl | < 7.52.1 | 7.52.1 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1 | 7.52.1 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
| haxx | curl | >= 0 < 7.52.1 | 7.52.1 |
| haxx | curl | >= 0 < 7.52.1 | 7.52.1 |
| haxx | curl | >= 0 < 7.52.1 | 7.52.1 |
| haxx | curl | >= 0 < 7.52.1-r0 | 7.52.1-r0 |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.1HIGH
vendor_debian6.5LOW
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2016-9594: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
vendor_apple·2017-07-19·CVSS 6.5
CVE-2016-9594 [MEDIUM] CVE-2016-9594: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
Product: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
CVE: CVE-2016-9594
Component: CVE-2016-9594
Red Hat
curl: Unitialized random
vendor_redhat·2016-12-23·CVSS 6.5
CVE-2016-9594 [MEDIUM] CWE-665 curl: Unitialized random
curl: Unitialized random
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Not affected
Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Not affected
Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Not affected
Package: curl (Red Hat Enterprise Linux 5) - Not affected
Package: curl (Red Hat Enterprise Linux 6) - Not affected
Package: curl (Red Hat Enterprise Linux 7) - Not affected
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Not affected
Package: cur
Debian
CVE-2016-9594: curl - curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's...
vendor_debian·2016·CVSS 6.5
CVE-2016-9594 [MEDIUM] CVE-2016-9594: curl - curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's...
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-qq6c-xrmh-q72x: curl before version 7
ghsa_unreviewed·2022-05-13
CVE-2016-9594 [HIGH] CWE-665 GHSA-qq6c-xrmh-q72x: curl before version 7
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
OSV
CVE-2016-9594: curl before version 7
osv·2018-04-23·CVSS 8.1
CVE-2016-9594 [HIGH] CVE-2016-9594: curl before version 7
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9594 curl: Unitialized random
bugzilla·2016-12-23·CVSS 6.5
CVE-2016-9594 [MEDIUM] CVE-2016-9594 curl: Unitialized random
CVE-2016-9594 curl: Unitialized random
libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value into
the buffer the pointer pointed to.
This random value is used to generate nonces for Digest and NTLM
authentication, for generating boundary strings in HTTP formposts and
more. Having a weak or virtually non-existent random there makes these
operations vulnerable.
This function is brand new in 7.52.0
External References:
https://curl.haxx.se/docs/adv_20161223.html
Upstream patch:
https://curl.haxx.se/CVE-2016-9594.patch
Discussion:
Acknowledgments:
Name: Kamil Dudka (Red Hat)
---
Vulnerable version is not shipped anywhere across our products.
Tenable
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
blogs_tenable·2017-02-14
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
blogs_tenable·2017-01-31
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
http://www.securityfocus.com/bid/95094http://www.securitytracker.com/id/1037528https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594https://curl.haxx.se/docs/adv_20161223.htmlhttps://security.gentoo.org/glsa/201701-47https://www.tenable.com/security/tns-2017-04http://www.securityfocus.com/bid/95094http://www.securitytracker.com/id/1037528https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594https://curl.haxx.se/docs/adv_20161223.htmlhttps://security.gentoo.org/glsa/201701-47https://www.tenable.com/security/tns-2017-04
2018-04-23
Published