What is the severity of CVE-2016-9586?

CVE-2016-9586 is considered a medium-severity vulnerability due to the potential for buffer overflow exploitation.

How do I fix CVE-2016-9586?

To fix CVE-2016-9586, upgrade to curl version 7.52.0 or later.

What is the main risk associated with CVE-2016-9586?

The main risk of CVE-2016-9586 is that it allows remote attackers to execute arbitrary code via crafted floating point inputs.

Which versions of curl are affected by CVE-2016-9586?

CVE-2016-9586 affects versions of curl before 7.52.0.

What kind of applications are vulnerable to CVE-2016-9586?

Applications that accept unvalidated format strings from user input while using libcurl are vulnerable to CVE-2016-9586.

Vulnerability/
CVE-2016-9586

high

8.1

CWE

119 122

21/12/2016

23/4/2018

6/8/2024

CVE-2016-9586: Buffer Overflow

First published: Wed Dec 21 2016(Updated: )

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/curl	<7.52.0	7.52.0
Curl	<7.52.0

Remedy

https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9586?
CVE-2016-9586 is considered a medium-severity vulnerability due to the potential for buffer overflow exploitation.
How do I fix CVE-2016-9586?
To fix CVE-2016-9586, upgrade to curl version 7.52.0 or later.
What is the main risk associated with CVE-2016-9586?
The main risk of CVE-2016-9586 is that it allows remote attackers to execute arbitrary code via crafted floating point inputs.
Which versions of curl are affected by CVE-2016-9586?
CVE-2016-9586 affects versions of curl before 7.52.0.
What kind of applications are vulnerable to CVE-2016-9586?
Applications that accept unvalidated format strings from user input while using libcurl are vulnerable to CVE-2016-9586.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/weakness
agent/author
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-9586
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/haxx
canonical/curl

Frequently Asked Questions

What is the severity of CVE-2016-9586?
CVE-2016-9586 is considered a medium-severity vulnerability due to the potential for buffer overflow exploitation.
How do I fix CVE-2016-9586?
To fix CVE-2016-9586, upgrade to curl version 7.52.0 or later.
What is the main risk associated with CVE-2016-9586?
The main risk of CVE-2016-9586 is that it allows remote attackers to execute arbitrary code via crafted floating point inputs.
Which versions of curl are affected by CVE-2016-9586?
CVE-2016-9586 affects versions of curl before 7.52.0.
What kind of applications are vulnerable to CVE-2016-9586?
Applications that accept unvalidated format strings from user input while using libcurl are vulnerable to CVE-2016-9586.

CVE-2016-9586: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9586?

How do I fix CVE-2016-9586?

What is the main risk associated with CVE-2016-9586?

Which versions of curl are affected by CVE-2016-9586?

What kind of applications are vulnerable to CVE-2016-9586?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-9586?

How do I fix CVE-2016-9586?

What is the main risk associated with CVE-2016-9586?

Which versions of curl are affected by CVE-2016-9586?

What kind of applications are vulnerable to CVE-2016-9586?