CVE-2016-8617

Description

The base64 encode function in curl before version 7.51.0 is prone to under-allocating a buffer on 32-bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME.

Risk Information

Base Score: 7.0 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.063

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows
Multiple vulnerabilities are fixed in Curl For Windows 7.51.0 | Windows
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_amd64.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_i386.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-i386.deb | Linux
curl security update (DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-amd64.deb | Linux
Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
Curl update (ELSA-2023-7743) curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux
Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux
Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux
Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux
Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux
CVE-2016-8617 | NCM

