Vulnerability Details : CVE-2016-7167
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2016-7167
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7167
- 1.26%: Probability of exploitation activity in the next 30 days
- ~ 85 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7167
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-7167
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7167
- http://www.securityfocus.com/bid/92975
  curl/libcURL CVE-2016-7167 Multiple Integer Overflow Vulnerabilities (Broken Link)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
  [SECURITY] [DLA 1568-1] curl security update
- https://security.gentoo.org/glsa/201701-47
  cURL: Multiple vulnerabilities (GLSA 201701-47) — Gentoo security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/
  [SECURITY] Fedora 23 Update: curl-7.43.0-10.fc23 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  CPU Oct 2018
- https://access.redhat.com/errata/RHSA-2017:2016
  RHSA-2017:2016 - Security Advisory - Red Hat Customer Portal
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/
  [SECURITY] Fedora 25 Update: curl-7.50.3-1.fc25 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- https://curl.haxx.se/docs/adv_20160914.html
  curl - curl escape and unescape integer overflows - CVE-2016-7167 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:3558
  RHSA-2018:3558 - Security Advisory - Red Hat Customer Portal
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/
  [SECURITY] Fedora 24 Update: curl-7.47.1-8.fc24 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632
  The Slackware Linux Project: Slackware Security Advisories (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2486
  RHSA-2018:2486 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1036813
  libcurl Integer Overflow in Escape Functions May Let Users Execute Arbitrary Code on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)