CVE-2016-9586

{"id": "CVE-2016-9586", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2018-04-23T18:29:00.537", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/95019", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1037515", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3558", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://curl.haxx.se/docs/adv_20161221A.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201701-47", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95019", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037515", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3558", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://curl.haxx.se/docs/adv_20161221A.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201701-47", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."}, {"lang": "es", "value": "curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de b\u00fafer cuando se realiza un env\u00edo de un gran puntero flotante en la implementaci\u00f3n de libcurl de la funci\u00f3n printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podr\u00eda permitir ataques remotos."}], "lastModified": "2024-11-21T03:01:26.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C30B36FE-D891-4540-971F-7F9596F1A3A9", "versionEndExcluding": "7.52.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}