F5 Networks BIG-IP : libcurl vulnerability (K26899353)
High Nessus Plugin ID 105437
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. (CVE-2016-8621)
Custom monitors or shell scripts using curl to download content with a malformed time stamp may be vulnerable to a privilege escalation.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K26899353.