Showing 1 - 5 of 5

CVE-2016-9586

Status Candidate

Overview

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

Related Files

Red Hat Security Advisory 2018-3558-01: Posted Nov 13, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, overflow, vulnerability; systems | linux, redhat; advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007; SHA-256 | 4abdca181cc67933f360c5393ddadd7197a24c99bd7985727a9e00a4d0cad5b6; Download | Favorite | View

Ubuntu Security Notice USN-3441-2: Posted Oct 23, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3441-2 - USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel Stenberg discovered that curl incorrectly handled large A floating point output. A remote attacker could use this issue to cause A curl to crash, resulting in a denial of service, or possibly execute A arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary, vulnerability; systems | linux, ubuntu; advisories | CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407; SHA-256 | 7aae14ec5ba893ef0d780ab62a86bba669dd2dbe21dca9f3ab0beb40cb92a0f0; Download | Favorite | View

Ubuntu Security Notice USN-3441-1: Posted Oct 10, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3441-1 - Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-7407; SHA-256 | b0130c23f8916e72e2b583e6c7d268af318bf605fb5e0b272a99a1657ec8a6c0; Download | Favorite | View