CVE-2016-9953 — Out-of-bounds Read in Curl

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

1.9%

top 16.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl

Timeline

PublishedMar 12

Latest updateDec 29

Description

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Alpinehaxx/curl< 7.52.1-r0+1

▶NVDhaxx/curl7.30.0 — 7.51.0

🔴Vulnerability Details

GHSA

GHSA-72rm-6rfp-xgr9: The verify_certificate function in lib/vtls/schannel↗2022-05-14

▶

CVEList

CVE-2016-9953: The verify_certificate function in lib/vtls/schannel↗2018-03-12

▶

OSV

CVE-2016-9953: The verify_certificate function in lib/vtls/schannel↗2018-03-12

▶

📋Vendor Advisories

Debian

CVE-2016-9953: curl - The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through...↗2016

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶