CVE-2016-9586 - OpenCVE

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Haxx	Curl

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95019	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037515	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3558
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586	Issue Tracking Third Party Advisory
https://curl.haxx.se/docs/adv_20161221A.html	Vendor Advisory
https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16	Patch Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
https://security.gentoo.org/glsa/201701-47	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-04-23T18:00:00

Updated: 2021-06-29T14:06:45

Reserved: 2016-11-23T00:00:00

Link: CVE-2016-9586

JSON object: View

NVD Information

Status : Modified

Published: 2018-04-23T18:29:00.537

Modified: 2023-11-07T02:37:14.110

Link: CVE-2016-9586

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "curl", "vendor": "redhat", "versions": [{"status": "affected", "version": "curl 7.52.0"}]}], "datePublic": "2016-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-29T14:06:45", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/adv_20161221A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"}, {"name": "1037515", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037515"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "95019", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95019"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"}, {"name": "GLSA-201701-47", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-47"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9586", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "curl", "version": {"version_data": [{"version_value": "curl 7.52.0"}]}}]}, "vendor_name": "redhat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."}]}, "impact": {"cvss": [[{"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}], [{"vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:3558", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"name": "https://curl.haxx.se/docs/adv_20161221A.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/adv_20161221A.html"}, {"name": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", "refsource": "CONFIRM", "url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"}, {"name": "1037515", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037515"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "95019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95019"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"}, {"name": "GLSA-201701-47", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-47"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-9586", "datePublished": "2018-04-23T18:00:00", "dateReserved": "2016-11-23T00:00:00", "dateUpdated": "2021-06-29T14:06:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30B36FE-D891-4540-971F-7F9596F1A3A9", "versionEndExcluding": "7.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."}, {"lang": "es", "value": "curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de b\u00fafer cuando se realiza un env\u00edo de un gran puntero flotante en la implementaci\u00f3n de libcurl de la funci\u00f3n printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podr\u00eda permitir ataques remotos."}], "id": "CVE-2016-9586", "lastModified": "2023-11-07T02:37:14.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-04-23T18:29:00.537", "references": [{"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95019"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037515"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://curl.haxx.se/docs/adv_20161221A.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-47"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}