CVE-2016-8618

The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t`…

redhat·CWE-416·Published 2018-07-31

CVSS

—

EPSS

0.05

KEV

Exploits

Vendor statements (3)

cve.orgen

197 chars

The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

NVDes

257 chars

La función API de libcurl llamada "curl_maprintf()" en versiones anteriores a la 7.51.0 puede ser engañada para realizar una doble liberación (double free) debido a una multiplicación "size_t" insegura en sistemas que utilizan variables "size_t" de 32 bits.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	5.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.0	Primary	cve.org	5.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.0	Secondary	NVD	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N