CVE-2016-7167
07.10.2016, 14:59
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | libcurl | 𝑥 ≤ 7.50.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4-32bit |
|
Red Hat Enterprise Linux Releases