Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN11-CURL-517580
- published 27 Jun 2018
- disclosed 31 Jul 2018
Introduced: 27 Jun 2018CVE-2016-8622 Open this link in a new tab
How to fix?
curl to version 7.51.0-1 or higher.
Note: Versions mentioned in the description apply only to the upstream
curl package and not the
curl package as distributed by
How to fix? for
Debian:11 relevant fixed versions and status.
The URL percent-encoding decode function in libcurl before 7.51.0 is called
curl_easy_unescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.