F5 Networks BIG-IP : libcurl vulnerability (K10196624)
High Nessus Plugin ID 105436
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
A custom monitor or script that calls the curl command may allow unauthorized disclosure of information,unauthorized modification, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information,unauthorized modification, and disruption of service.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K10196624.