Lucene search

F5F5:K23391972

HistoryApr 14, 2017 - 12:00 a.m.

K23391972 : cURL and libcurl vulnerability CVE-2016-8622

2017-04-1400:00:00

my.f5.com

8.4 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Security Advisory Description

The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. (CVE-2016-8622)

Impact

A user can send a very large URL to cURL or libcurl, causing a heap overflow that can allow an attacker to execute arbitrary code in the context of the user running the affected application.

CPENameOperatorVersion
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0

Rows per page:

1-10 of 1621