CVE-2016-8622: Integer Overflow
First published: Tue Oct 25 2016(Updated: )
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/curl | <7.51.0 | 7.51.0 |
| libcurl | <7.51.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/94105
- http://www.securitytracker.com/id/1037192
- https://access.redhat.com/errata/RHSA-2018:2486
- https://access.redhat.com/errata/RHSA-2018:3558
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622
- https://curl.haxx.se/docs/adv_20161102H.html
- https://security.gentoo.org/glsa/201701-47
- https://www.tenable.com/security/tns-2016-21
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1213778&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1213778&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1390894
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1390895
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1390896
- https://bugzilla.redhat.com/show_bug.cgi?id=1388386
Frequently Asked Questions
What is the severity of CVE-2016-8622?
CVE-2016-8622 is considered a medium-severity vulnerability as it can lead to a buffer overflow in libcurl.
How do I fix CVE-2016-8622?
To fix CVE-2016-8622, upgrade libcurl to version 7.51.0 or later.
What software is affected by CVE-2016-8622?
CVE-2016-8622 affects versions of libcurl prior to 7.51.0.
What impact does CVE-2016-8622 have on system security?
CVE-2016-8622 could allow an attacker to exploit a buffer overflow, potentially leading to arbitrary code execution.
Is CVE-2016-8622 specific to any operating system?
CVE-2016-8622 is not limited to a specific operating system but affects libcurl across multiple platforms.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8622
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/haxx
- canonical/libcurl