F5 Networks BIG-IP : cURL and libcurl vulnerability (K46123931)
High Nessus Plugin ID 105468
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.(CVE-2016-8619)
An attacker may use this vulnerability to exploit the usage of the cURL command with Kerberos authentication on custom BIG-IP monitors and/or the command line.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K46123931.