cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability

cURL/libcURL is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

curl 7.12.2 through 7.50.3 are vulnerable.

Information

Bugtraq ID: 94101
Class: Unknown
CVE: CVE-2016-8621

Remote: Yes
Local: No
Published: Nov 02 2016 12:00AM
Updated: Apr 20 2017 12:04AM
Credit: Luat Nguyen
Vulnerable: Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Haxx Libcurl 7.50.3
Haxx Libcurl 7.50.2
Haxx Libcurl 7.50.1
Haxx Libcurl 7.50
Haxx Libcurl 7.47
Haxx Libcurl 7.46
Haxx Libcurl 7.43
Haxx Libcurl 7.42.1
Haxx Libcurl 7.36
Haxx Libcurl 7.34
Haxx Libcurl 7.33
Haxx Libcurl 7.32
Haxx Libcurl 7.31
Haxx Libcurl 7.30
Haxx Libcurl 7.25
Haxx Libcurl 7.23
Haxx Libcurl 7.22
Haxx Libcurl 7.21
Haxx Libcurl 7.20
Haxx Libcurl 7.19.6
Haxx Libcurl 7.19.5
Haxx Libcurl 7.19.4
Haxx Libcurl 7.19.3
Haxx Libcurl 7.18.1
Haxx Libcurl 7.18
Haxx Libcurl 7.17
Haxx Libcurl 7.16.4
Haxx Libcurl 7.15.5
Haxx Libcurl 7.15.3
Haxx Libcurl 7.15.2
Haxx Libcurl 7.15.1
Haxx Libcurl 7.15
Haxx Libcurl 7.14.1
Haxx Libcurl 7.14
Haxx Libcurl 7.13.2
Haxx Libcurl 7.13.1
Haxx Libcurl 7.13
Haxx Libcurl 7.12.3
Haxx Libcurl 7.12.2
Haxx Libcurl 7.49.0
Haxx Libcurl 7.48.0
Haxx Libcurl 7.42.0
Haxx Libcurl 7.41.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.39
Haxx Libcurl 7.38.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.37.0
Haxx Libcurl 7.35.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.28.0
Haxx Libcurl 7.27.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.7
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.4
Haxx Libcurl 7.21.3
Haxx Libcurl 7.21.2
Haxx Libcurl 7.21.1
Haxx Libcurl 7.20.1
Haxx Libcurl 7.19.7
Haxx Libcurl 7.19.2
Haxx Libcurl 7.19.1
Haxx Libcurl 7.19.0
Haxx Libcurl 7.18.2
Haxx Libcurl 7.17.1
Haxx Libcurl 7.16.3
Haxx Libcurl 7.16.2
Haxx Libcurl 7.16.1
Haxx Libcurl 7.16.0
Haxx Libcurl 7.15.4
Haxx Libcurl 7.10
Haxx Curl 7.50.3
Haxx Curl 7.50
Haxx Curl 7.47
Haxx Curl 7.46
Haxx Curl 7.45
Haxx Curl 7.43
Haxx Curl 7.42.1
Haxx Curl 7.36
Haxx Curl 7.34
Haxx Curl 7.33
Haxx Curl 7.32
Haxx Curl 7.31
Haxx Curl 7.30
Haxx Curl 7.25
Haxx Curl 7.23
Haxx Curl 7.22
Haxx Curl 7.21
Haxx Curl 7.20
Haxx Curl 7.19.6
Haxx Curl 7.19.5
Haxx Curl 7.19.4
Haxx Curl 7.19.3
Haxx Curl 7.18.1
Haxx Curl 7.18
Haxx Curl 7.17
Haxx Curl 7.16.4
Haxx Curl 7.15.5
Haxx Curl 7.15.3
Haxx Curl 7.15.2
Haxx Curl 7.15.1
Haxx Curl 7.15
Haxx Curl 7.14.1
Haxx Curl 7.14
Haxx Curl 7.13.2
Haxx Curl 7.13.1
Haxx Curl 7.13
Haxx Curl 7.12.3
Haxx Curl 7.12.2
Haxx Curl 7.50.1
Haxx Curl 7.49.0
Haxx Curl 7.48.0
Haxx Curl 7.42.0
Haxx Curl 7.41.0
Haxx Curl 7.40.0
Haxx Curl 7.39.0
Haxx Curl 7.38.0
Haxx Curl 7.37.1
Haxx Curl 7.35.0
Haxx Curl 7.29.0
Haxx Curl 7.28.1
Haxx Curl 7.28.0
Haxx Curl 7.27.0
Haxx Curl 7.26.0
Haxx Curl 7.24.0
Haxx Curl 7.23.1
Haxx Curl 7.21.7
Haxx Curl 7.21.6
Haxx Curl 7.21.5
Haxx Curl 7.21.4
Haxx Curl 7.21.3
Haxx Curl 7.21.2
Haxx Curl 7.21.1
Haxx Curl 7.20.1
Haxx Curl 7.19.7
Haxx Curl 7.19.2
Haxx Curl 7.19.1
Haxx Curl 7.19.0
Haxx Curl 7.18.2
Haxx Curl 7.17.1
Haxx Curl 7.16.3
Haxx Curl 7.16.2
Haxx Curl 7.16.1
Haxx Curl 7.16.0
Haxx Curl 7.15.4
Apple macOS 10.12.1

Not Vulnerable: Haxx Libcurl 7.51
Haxx Curl 7.51
Apple macOS 10.12.2

References:

cURL Home Page (cURL)
[SECURITY ADVISORY] curl_getdate read out of bounds (Seclists.org)
curl_getdate read out of bounds (Haxx)
Oracle Critical Patch Update Advisory - April 2017 (Oracle)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability

Information