
curl: code execution

Package(s): curl
CVE #(s): CVE-2016-7167
Created: September 16, 2016
Updated: November 2, 2016
Description: From the Red Hat bugzilla entry:

It was found that provided string length arguments in four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape and curl_easy_unescape were not properly checked and due to arithmetic in the functions, passing in the length 0xffffffff (2^32-1 or UINT_MAX or even just -1) would end up causing an allocation of zero bytes of heap memory that curl would attempt to write gigabytes of data into.
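The length arithmetic described above, sketched as an added example that is not curl's source or part of the bugzilla entry: it assumes a simplified model in which the buffer size is the caller's length plus one byte, computed in 32 bits, and sets a checked variant beside it. The function names and the sample string are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption, not curl's source): buffer size is the
 * caller-supplied length plus one byte for the NUL, computed in 32 bits. */
uint32_t unchecked_alloc_size(int length)
{
    return (uint32_t)length + 1u;   /* -1 becomes 0xffffffff, +1 wraps to 0 */
}

/* Hardened size computation: refuse negative lengths before any arithmetic. */
int checked_alloc_size(int length, size_t *out)
{
    if (length < 0)
        return -1;
    /* Cannot wrap where size_t is at least as wide as int. */
    *out = (size_t)length + 1;
    return 0;
}

/* Hypothetical helper: copy `length` bytes of src into a fresh NUL-terminated
 * buffer. Returns NULL on a rejected length or on allocation failure. */
char *dup_bytes_checked(const char *src, int length)
{
    size_t alloc;
    char *buf;

    if (src == NULL || checked_alloc_size(length, &alloc) != 0)
        return NULL;
    buf = malloc(alloc);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, (size_t)length);
    buf[length] = '\0';
    return buf;
}

int main(void)
{
    char *ok = dup_bytes_checked("a%20b", 5);    /* constructed sample input */
    char *bad = dup_bytes_checked("a%20b", -1);  /* rejected: returns NULL */
    int rc = (ok != NULL && bad == NULL && unchecked_alloc_size(-1) == 0) ? 0 : 1;
    free(ok);
    return rc;
}
```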

Alerts:
openSUSE openSUSE-SU-2016:2768-1 curl 2016-11-10
Ubuntu USN-3123-1 curl 2016-11-03
SUSE SUSE-SU-2016:2714-1 curl 2016-11-03
SUSE SUSE-SU-2016:2700-1 curl 2016-11-02
SUSE SUSE-SU-2016:2699-1 curl 2016-11-02
Fedora FEDORA-2016-80f4f71eff curl 2016-09-29
Mageia MGASA-2016-0316 curl 2016-09-21
Arch Linux ASA-201609-18 lib32-curl 2016-09-20
Arch Linux ASA-201609-19 curl 2016-09-20
Debian-LTS DLA-625-1 curl 2016-09-17
Slackware SSA:2016-259-01 curl 2016-09-15
Fedora FEDORA-2016-7a2ed52d41 curl 2016-09-15
Gentoo 201701-47 curl 2017-01-19


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds