CVE-2016-9586 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
haxx	curl	𝑥 < 7.52.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

curl

bullseye	7.74.0-1.3+deb11u13 fixed
bullseye (security)	7.74.0-1.3+deb11u11 fixed
bookworm	7.88.1-10+deb12u7 fixed
bookworm (security)	7.88.1-10+deb12u5 fixed
sid	8.10.1-2 fixed
trixie	8.10.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

curl

artful	not-affected
zesty	not-affected
yakkety	ignored
xenial	Fixed 7.47.0-1ubuntu2.3 released
trusty	Fixed 7.35.0-1ubuntu2.11 released
precise	ignored

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/95019

http://www.securitytracker.com/id/1037515

https://access.redhat.com/errata/RHSA-2018:3558

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586

https://curl.haxx.se/docs/adv_20161221A.html

https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201701-47

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/95019

http://www.securitytracker.com/id/1037515

https://access.redhat.com/errata/RHSA-2018:3558

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586

https://curl.haxx.se/docs/adv_20161221A.html

https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201701-47