Your submission was sent successfully! Close

CVE-2016-7167

Published: 7 October 2016

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
precise
Released (7.22.0-3ubuntu4.17)
trusty
Released (7.35.0-1ubuntu2.10)
upstream
Released (7.50.3)
xenial
Released (7.47.0-1ubuntu2.2)
yakkety
Released (7.50.1-1ubuntu1.1)
zesty
Released (7.50.1-1ubuntu2)