The libcurl API function called curl_maprintf() before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables. (CVE-2016-8618)
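An added example, not libcurl's code, of the bug class described above: a buffer-doubling step whose size multiplication wraps to zero when size_t is 32 bits, next to a checked version that refuses to grow. The names `size32_t` and `dynbuf` are hypothetical, and `uint32_t` stands in for a 32-bit size_t so the wrap reproduces on 64-bit hosts.

```c
#include <stdint.h>
#include <stdlib.h>

typedef uint32_t size32_t;   /* assumption: models a 32-bit size_t */

struct dynbuf {              /* hypothetical growable buffer */
  char *data;
  size32_t len;
  size32_t alloc;
};

/* Unchecked doubling: 0x80000000 * 2 wraps to 0 in 32 bits. With many C
   libraries realloc(p, 0) frees p and returns NULL, so an error path that
   then frees p again is a double free. */
size32_t next_size_unchecked(size32_t alloc)
{
  return alloc * 2u;
}

/* Checked doubling: 0 on success, -1 if the product would wrap. */
int next_size_checked(size32_t alloc, size32_t *out)
{
  if(alloc == 0 || alloc > UINT32_MAX / 2u)
    return -1;
  *out = alloc * 2u;
  return 0;
}

/* Append one byte. On any failure the buffer is untouched and still owned
   by the caller, who frees it exactly once. */
int dynbuf_addbyte(struct dynbuf *b, char c)
{
  if(!b->data) {
    if(!(b->data = malloc(32)))
      return -1;
    b->alloc = 32;
    b->len = 0;
  }
  else if(b->len + 1u >= b->alloc) {
    size32_t newsize;
    char *p;
    if(next_size_checked(b->alloc, &newsize))
      return -1;             /* a wrapped size never reaches realloc */
    if(!(p = realloc(b->data, newsize)))
      return -1;
    b->data = p;
    b->alloc = newsize;
  }
  b->data[b->len++] = c;
  return 0;
}
```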
Impact
A custom monitor or script that calls the curl command may allow unauthorized disclosure of information, unauthorized modification, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information, unauthorized modification, and disruption of service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | big-ip afm | eq | 11.4.0 |
| | big-ip afm | eq | 11.4.1 |
| | big-ip afm | eq | 11.5.0 |
| | big-ip afm | eq | 11.5.1 |
| | big-ip afm | eq | 11.5.2 |
| | big-ip afm | eq | 11.5.3 |
| | big-ip afm | eq | 11.5.4 |
| | big-ip afm | eq | 11.5.5 |
| | big-ip afm | eq | 11.5.6 |
| | big-ip afm | eq | 11.5.7 |