F5 Networks BIG-IP : libcurl vulnerability (K44503763)
High Nessus Plugin ID 105440
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
The base64 encode function in curl before version 7.51.0 is prone to under-allocating a buffer on 32-bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. (CVE-2016-8617)
This vulnerability may allow an attacker to overwrite memory behind the output buffer.
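The under-allocation described above can be modelled as an added example (not curl's or F5's code). It assumes a sizing expression of the form `insize * 4 / 3 + 4`, uses `uint32_t` to stand in for a 32-bit `size_t`, and treats the threshold as 2^30 bytes; all function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models size_t on a 32-bit build. */
typedef uint32_t size32_t;

/* Unchecked sizing (assumed form): the multiply runs first and wraps mod 2^32. */
size32_t b64_alloc_unchecked(size32_t insize)
{
    return (size32_t)(insize * 4u) / 3u + 4u;
}

/* Hardened sizing: refuse any input whose size would wrap the multiply.
 * Returns 0 and stores the size on success, -1 on rejection. */
int b64_alloc_checked(size32_t insize, size32_t *out)
{
    if (insize > UINT32_MAX / 4u)
        return -1;
    *out = insize * 4u / 3u + 4u;
    return 0;
}

/* Bytes a base64 encoder writes: 4 per (padded) 3-byte group, plus NUL.
 * Computed in 64 bits so the true requirement is visible. */
uint64_t b64_bytes_written(uint64_t insize)
{
    return 4u * ((insize + 2u) / 3u) + 1u;
}

/* 1 if the unchecked allocation is smaller than what gets written. */
int b64_under_allocated(size32_t insize)
{
    return (uint64_t)b64_alloc_unchecked(insize) < b64_bytes_written(insize);
}

int main(void)
{
    /* Constructed sample sizes: small input, last safe size, first wrapping size. */
    const size32_t sizes[] = { 16u, 0x3FFFFFFFu, 0x40000000u };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size32_t ok = 0;
        int rc = b64_alloc_checked(sizes[i], &ok);
        printf("in=%" PRIu32 " alloc=%" PRIu32 " written=%" PRIu64 " under=%d checked=%s\n",
               sizes[i], b64_alloc_unchecked(sizes[i]), b64_bytes_written(sizes[i]),
               b64_under_allocated(sizes[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```
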
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K44503763.