6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.5%
Severity: Medium
Date : 2017-01-03
CVE-ID : CVE-2016-9586 CVE-2016-9594
Package : libcurl-compat
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-113
The package libcurl-compat before version 7.52.1-1 is vulnerable to
multiple issues including arbitrary code execution and incorrect
calculation.
Upgrade to 7.52.1-1.
The problems have been fixed upstream in version 7.52.1.
None.
libcurlโs implementation of the printf() functions triggers a buffer
overflow when doing a large floating point output. The bug occurs when
the conversion outputs more than 255 bytes. The flaw happens because
the floating point conversion is using system functions without the
correct boundary checks.
The functions have been documented as deprecated for a long time and
users are discouraged from using them in โnew programsโ as they are
planned to get removed at a future point. But as the functions are
present and thereโs nothing preventing users from using them, we expect
there to be a certain amount of existing users in the wild.
If there are any application that accepts a format string from the
outside without necessary input filtering, it could allow remote
attacks.
libcurlโs (new) internal function that returns a good 32bit random
value was implemented poorly and overwrote the pointer instead of
writing the value into the buffer the pointer pointed to. This random
value is used to generate nonces for Digest and NTLM authentication,
for generating boundary strings in HTTP formposts and more. Having a
weak or virtually non-existent random there makes these operations
vulnerable.
This function has been introduced in 7.52.0
A remote attacker is able to execute arbitrary code on a target machine
by sending crafted data to the server. In addition, the nonces
generated by libcurl 7.52.0 were not truly random, which allowed for an
attacker to derive sensitive information (e.g., session keys).
https://bugs.archlinux.org/task/52247
https://curl.haxx.se/docs/adv_20161221A.html
https://curl.haxx.se/docs/adv_20161223.html
https://security.archlinux.org/CVE-2016-9586
https://security.archlinux.org/CVE-2016-9594
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | libcurl-compat | <ย 7.52.1-1 | UNKNOWN |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.5%