CVE-2016-8621
Description
The curl_getdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.676
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows |
| Multiple vulnerabilities are fixed in Curl For Windows 7.51.0 | Windows |
| Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Curl update (ELSA-2023-7743) curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Out-of-bounds Read Vulnerability (CVE-2016-8621) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234