CVE-2016-9586

MEDIUM

Description

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/95019

http://www.securitytracker.com/id/1037515

https://access.redhat.com/errata/RHSA-2018:3558

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586

https://curl.haxx.se/docs/adv_20161221A.html

https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201701-47

Details

Source: MITRE

Published: 2018-04-23

Updated: 2018-11-13

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
125002EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)NessusHuawei Local Security Checks
high
118753Debian DLA-1568-1 : curl security updateNessusDebian Local Security Checks
high
118418EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1330)NessusHuawei Local Security Checks
high
110867EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1203)NessusHuawei Local Security Checks
high
110866EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1202)NessusHuawei Local Security Checks
medium
103773Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1)NessusUbuntu Local Security Checks
medium
102910SUSE SLES11 Security Update : curl (SUSE-SU-2017:2312-1)NessusSuSE Local Security Checks
medium
700170Mac OS X 10.x < 10.12.6 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
101957macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003)NessusMacOS X Local Security Checks
high
99702openSUSE Security Update : curl (openSUSE-2017-513)NessusSuSE Local Security Checks
medium
99465SUSE SLES11 Security Update : curl (SUSE-SU-2017:1043-1)NessusSuSE Local Security Checks
medium
99464SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:1042-1)NessusSuSE Local Security Checks
medium
99134macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)NessusMacOS X Local Security Checks
critical
97896Amazon Linux AMI : curl (ALAS-2017-806)NessusAmazon Linux Local Security Checks
medium
96644GLSA-201701-47 : cURL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
96209Fedora 24 : curl (2016-86d2b5aefb)NessusFedora Local Security Checks
medium
96183Debian DLA-767-1 : curl security updateNessusDebian Local Security Checks
medium
96160Fedora 25 : curl (2016-edbb33ab2e)NessusFedora Local Security Checks
medium
96086FreeBSD : cURL -- buffer overflow (42880202-c81c-11e6-a9a5-b499baebfeaf)NessusFreeBSD Local Security Checks
medium