CVE-2016-8616

Description

A flaw was found in curl before version 7.51.0. When re-using a connection, curl compared the user name and password case-insensitively against those of the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows only the case-insensitive version of the correct password.
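The following added example (not curl's own code) models a connection-cache lookup to show the difference between the pre-7.51.0 behaviour and the fix: the struct, function names and the cached "alice"/"Secret" credentials are constructed for illustration. Host names are compared case-insensitively in both variants because DNS names are case-insensitive; only the credential comparison changes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Illustrative cache entry, not libcurl's real connection struct. */
struct conn {
    const char *host;
    int port;
    const char *user;
    const char *passwd;
    bool in_use;   /* a busy connection is never reused */
};

/* Pre-7.51.0 behaviour: user name and password compared case-insensitively,
   so a cached connection authenticated with "Secret" also matches "secret". */
static bool creds_match_vulnerable(const struct conn *c,
                                   const char *user, const char *passwd)
{
    return strcasecmp(c->user, user) == 0 && strcasecmp(c->passwd, passwd) == 0;
}

/* Fixed behaviour: credentials must match byte for byte. */
static bool creds_match_fixed(const struct conn *c,
                              const char *user, const char *passwd)
{
    return strcmp(c->user, user) == 0 && strcmp(c->passwd, passwd) == 0;
}

/* Find an idle connection to host:port that these credentials may reuse.
   Returns the cache index, or -1 when nothing is reusable. */
int find_reusable(const struct conn *cache, size_t n, const char *host,
                  int port, const char *user, const char *passwd, bool fixed)
{
    for (size_t i = 0; i < n; i++) {
        const struct conn *c = &cache[i];
        if (c->in_use || c->port != port || strcasecmp(c->host, host) != 0)
            continue;
        if (fixed ? creds_match_fixed(c, user, passwd)
                  : creds_match_vulnerable(c, user, passwd))
            return (int)i;
    }
    return -1;
}

/* Constructed cache: one idle FTP connection authenticated as alice/Secret. */
static const struct conn demo_cache[] = {
    { "ftp.example.test", 21, "alice", "Secret", false },
};

/* Index returned for a lookup whose password differs only in case. */
int lookup_wrong_case(bool fixed)
{
    return find_reusable(demo_cache, 1, "ftp.example.test", 21,
                         "alice", "secret", fixed);
}
```

With the vulnerable comparison the differently-cased password still selects the cached connection; with the fix it does not, while an exact match (even with a differently-cased host name) still reuses it.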

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 3.084

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows
Multiple vulnerabilities are fixed in Curl For Windows 7.51.0 | Windows
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_amd64.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_i386.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-i386.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-amd64.deb | Linux
Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
Curl update (ELSA-2023-7743) curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux
Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux
Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux
Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux
Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234