Vulnerability-Lookup

CVE-2016-8621 (GCVE-0-2016-8621)

Vulnerability from cvelistv5 – Published: 2018-07-31 22:00 – Updated: 2026-04-16 13:33

Summary

The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

Severity

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-125

Assigner

redhat

References

10 references

URL	Tags
https://curl.haxx.se/docs/adv_20161102G.html	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3558	vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-21	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037192	vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
https://curl.haxx.se/CVE-2016-8621.patch	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2486	vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201701-47	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/94101	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
The Curl Project	curl	Affected: 7.51.0

Date Public

2016-11-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://curl.haxx.se/docs/adv_20161102G.html"
          },
          {
            "name": "RHSA-2018:3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "name": "1037192",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://curl.haxx.se/CVE-2016-8621.patch"
          },
          {
            "name": "RHSA-2018:2486",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2486"
          },
          {
            "name": "GLSA-201701-47",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-47"
          },
          {
            "name": "94101",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94101"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-8621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:33:21.726674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:33:28.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "curl",
          "vendor": "The Curl Project",
          "versions": [
            {
              "status": "affected",
              "version": "7.51.0"
            }
          ]
        }
      ],
      "datePublic": "2016-11-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-13T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://curl.haxx.se/docs/adv_20161102G.html"
        },
        {
          "name": "RHSA-2018:3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "name": "1037192",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://curl.haxx.se/CVE-2016-8621.patch"
        },
        {
          "name": "RHSA-2018:2486",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2486"
        },
        {
          "name": "GLSA-201701-47",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-47"
        },
        {
          "name": "94101",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94101"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-8621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "curl",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.51.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Curl Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://curl.haxx.se/docs/adv_20161102G.html",
              "refsource": "CONFIRM",
              "url": "https://curl.haxx.se/docs/adv_20161102G.html"
            },
            {
              "name": "RHSA-2018:3558",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3558"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-21",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-21"
            },
            {
              "name": "1037192",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037192"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://curl.haxx.se/CVE-2016-8621.patch",
              "refsource": "CONFIRM",
              "url": "https://curl.haxx.se/CVE-2016-8621.patch"
            },
            {
              "name": "RHSA-2018:2486",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2486"
            },
            {
              "name": "GLSA-201701-47",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-47"
            },
            {
              "name": "94101",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94101"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8621",
    "datePublished": "2018-07-31T22:00:00.000Z",
    "dateReserved": "2016-10-12T00:00:00.000Z",
    "dateUpdated": "2026-04-16T13:33:28.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-8621",
      "date": "2026-05-29",
      "epss": "0.03165",
      "percentile": "0.87146"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8621\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-31T22:29:00.297\",\"lastModified\":\"2024-11-21T02:59:41.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n \\\"curl_getdate\\\" en curl en versiones anteriores a la 7.51.0 es vulnerable a una lectura fuera de l\u00edmites si recibe una entrada a la que le falta un d\u00edgito.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.51.0\",\"matchCriteriaId\":\"003F3872-1AD1-4980-9A63-39B7D6E09D66\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/94101\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037192\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/CVE-2016-8621.patch\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_20161102G.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-47\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-21\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/94101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/CVE-2016-8621.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_20161102G.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-47\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://curl.haxx.se/docs/adv_20161102G.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3558\", \"name\": \"RHSA-2018:3558\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-21\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1037192\", \"name\": \"1037192\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://curl.haxx.se/CVE-2016-8621.patch\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2486\", \"name\": \"RHSA-2018:2486\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-47\", \"name\": \"GLSA-201701-47\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/94101\", \"name\": \"94101\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T02:27:41.134Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-8621\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-16T13:33:21.726674Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-16T13:33:25.421Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"The Curl Project\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.51.0\"}]}], \"datePublic\": \"2016-11-02T00:00:00.000Z\", \"references\": [{\"url\": \"https://curl.haxx.se/docs/adv_20161102G.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3558\", \"name\": \"RHSA-2018:3558\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-21\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1037192\", \"name\": \"1037192\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://curl.haxx.se/CVE-2016-8621.patch\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2486\", \"name\": \"RHSA-2018:2486\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-47\", \"name\": \"GLSA-201701-47\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://www.securityfocus.com/bid/94101\", \"name\": \"94101\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2018-11-13T10:57:01.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}], [{\"version\": \"2.0\", \"vectorString\": \"4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"7.51.0\"}]}, \"product_name\": \"curl\"}]}, \"vendor_name\": \"The Curl Project\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://curl.haxx.se/docs/adv_20161102G.html\", \"name\": \"https://curl.haxx.se/docs/adv_20161102G.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3558\", \"name\": \"RHSA-2018:3558\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.tenable.com/security/tns-2016-21\", \"name\": \"https://www.tenable.com/security/tns-2016-21\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1037192\", \"name\": \"1037192\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://curl.haxx.se/CVE-2016-8621.patch\", \"name\": \"https://curl.haxx.se/CVE-2016-8621.patch\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2486\", \"name\": \"RHSA-2018:2486\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-47\", \"name\": \"GLSA-201701-47\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://www.securityfocus.com/bid/94101\", \"name\": \"94101\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-125\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-8621\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2016-8621\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-16T13:33:28.480Z\", \"dateReserved\": \"2016-10-12T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2018-07-31T22:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2023-1652

Vulnerability from csaf_certbund - Published: 2016-11-02 23:00 - Updated: 2023-12-13 23:00

Summary

cURL: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um dem Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben.

Betroffene Betriebssysteme: - UNIX - Linux - F5 Networks

CVE-2016-8615

In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben.

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8616

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8617

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8618

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8619

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8620

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8621

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8622

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8623

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8624

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

CVE-2016-8625

Affected products

Known affected 11 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
F5 WebAccelerator F5	`cpe:/h:f5:big-ip_webaccelerator:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 Enterprise Manager F5	`cpe:/a:f5:enterprise_manager:-`	—
F5 Policy Enforcement Manager F5	`cpe:/a:f5:big-ip_policy_enforcement_manager:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source cURL <= 7.50.3 Open Source / cURL	`cpe:/a:curl:curl:7.50.3`	—

References

37 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://marc.info/?l=oss-security&m=147807157209510&w=2	external
http://marc.info/?l=oss-security&m=147807141909472&w=2	external
http://marc.info/?l=oss-security&m=147807130909435&w=2	external
http://marc.info/?l=oss-security&m=147807120209419&w=2	external
http://marc.info/?l=oss-security&m=147807109409386&w=2	external
http://marc.info/?l=oss-security&m=147807098309363&w=2	external
http://marc.info/?l=oss-security&m=147807087409344&w=2	external
http://marc.info/?l=oss-security&m=147807076609326&w=2	external
http://marc.info/?l=oss-security&m=147807065309305&w=2	external
http://marc.info/?l=oss-security&m=147807054209225&w=2	external
http://marc.info/?l=oss-security&m=147807042909205&w=2	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
http://www.ubuntu.com/usn/usn-3123-1/	external
https://lists.debian.org/debian-security-announce…	external
https://www.suse.com/de-de/support/update/announc…	external
https://support.f5.com/csp/article/K44503763	external
https://support.f5.com/csp/article/K52828640	external
https://support.f5.com/csp/article/K46123931	external
https://support.f5.com/csp/article/K01006862	external
https://support.f5.com/csp/article/K23391972	external
https://support.f5.com/csp/article/K84940705	external
https://support.f5.com/csp/article/K26899353	external
https://support.f5.com/csp/article/K10196624	external
https://support.f5.com/csp/article/K31411450	external
https://support.f5.com/csp/article/K85235351	external
https://kb.juniper.net/InfoCenter/index?page=cont…	external
https://access.redhat.com/errata/RHSA-2018:2486	external
https://access.redhat.com/errata/RHSA-2018:3558	external
http://linux.oracle.com/errata/ELSA-2019-4652.html	external
http://linux.oracle.com/errata/ELSA-2019-1880.html	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
http://linux.oracle.com/errata/ELSA-2020-5002.html	external
https://www.dell.com/support/kbdoc/de-de/00021549…	external
https://linux.oracle.com/errata/ELSA-2023-7743.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um dem Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- F5 Networks",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1652 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-1652.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1652 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1652"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807157209510\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807141909472\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807130909435\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807120209419\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807109409386\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807098309363\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807087409344\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807076609326\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807065309305\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807054209225\u0026w=2"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2016-11-01",
        "url": "http://marc.info/?l=oss-security\u0026m=147807042909205\u0026w=2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2699-1 vom 2016-11-02",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162699-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2714-1 vom 2016-11-04",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162714-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3123-1 vom 2016-11-03",
        "url": "http://www.ubuntu.com/usn/usn-3123-1/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-3705-1 vom 2016-11-03",
        "url": "https://lists.debian.org/debian-security-announce/2016/msg00288.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2700-1 vom 2016-11-07",
        "url": "https://www.suse.com/de-de/support/update/announcement/2016/suse-su-20162700-1/"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K44503763 vom 2017-04-12",
        "url": "https://support.f5.com/csp/article/K44503763"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K52828640 vom 2017-04-12",
        "url": "https://support.f5.com/csp/article/K52828640"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K46123931 vom 2017-04-12",
        "url": "https://support.f5.com/csp/article/K46123931"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K01006862 vom 2017-04-12",
        "url": "https://support.f5.com/csp/article/K01006862"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K23391972 vom 2017-04-14",
        "url": "https://support.f5.com/csp/article/K23391972"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K84940705 vom 2017-04-14",
        "url": "https://support.f5.com/csp/article/K84940705"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K26899353 vom 2017-04-19",
        "url": "https://support.f5.com/csp/article/K26899353"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K10196624 vom 2017-04-21",
        "url": "https://support.f5.com/csp/article/K10196624"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K31411450 vom 2017-05-02",
        "url": "https://support.f5.com/csp/article/K31411450"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K85235351 vom 2017-12-22",
        "url": "https://support.f5.com/csp/article/K85235351"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin: JSA10874",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026actp=RSS"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2486 vom 2018-08-17",
        "url": "https://access.redhat.com/errata/RHSA-2018:2486"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:3558 vom 2018-11-14",
        "url": "https://access.redhat.com/errata/RHSA-2018:3558"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4652 vom 2019-05-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4652.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-1880 vom 2019-07-30",
        "url": "http://linux.oracle.com/errata/ELSA-2019-1880.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0035 vom 2020-09-01",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-September/000998.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5002 vom 2020-11-12",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5002.html"
      },
      {
        "category": "external",
        "summary": "Security update for Dell NetWorker",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-7743 vom 2023-12-13",
        "url": "https://linux.oracle.com/errata/ELSA-2023-7743.html"
      }
    ],
    "source_lang": "en-US",
    "title": "cURL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-13T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:54:14.143+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1652",
      "initial_release_date": "2016-11-02T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-11-02T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-11-02T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-06T23:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-12T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-12T22:00:00.000+00:00",
          "number": "8",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-04-17T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-04-24T22:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-01T22:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-31T22:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-16T22:00:00.000+00:00",
          "number": "15",
          "summary": "New remediations available"
        },
        {
          "date": "2018-11-13T23:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2019-05-21T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-07-30T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-09-01T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2020-11-11T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-07-04T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-12-13T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "22"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.9.0.1",
            "product": {
              "name": "Dell NetWorker \u003c 19.9.0.1",
              "product_id": "T028404",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.9.0.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 Enterprise Manager",
            "product": {
              "name": "F5 Enterprise Manager",
              "product_id": "T000125",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:enterprise_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 Policy Enforcement Manager",
            "product": {
              "name": "F5 Policy Enforcement Manager",
              "product_id": "T001720",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip_policy_enforcement_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 WebAccelerator",
            "product": {
              "name": "F5 WebAccelerator",
              "product_id": "T001723",
              "product_identification_helper": {
                "cpe": "cpe:/h:f5:big-ip_webaccelerator:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source cURL \u003c= 7.50.3",
                "product": {
                  "name": "Open Source cURL \u003c= 7.50.3",
                  "product_id": "T008455",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:curl:curl:7.50.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source cURL \u003e= 7.51.0",
                "product": {
                  "name": "Open Source cURL \u003e= 7.51.0",
                  "product_id": "T008833",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:curl:curl:7.51.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "cURL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "131442",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-8615",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8615"
    },
    {
      "cve": "CVE-2016-8616",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8616"
    },
    {
      "cve": "CVE-2016-8617",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8617"
    },
    {
      "cve": "CVE-2016-8618",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8618"
    },
    {
      "cve": "CVE-2016-8619",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8619"
    },
    {
      "cve": "CVE-2016-8620",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8620"
    },
    {
      "cve": "CVE-2016-8621",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8621"
    },
    {
      "cve": "CVE-2016-8622",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8622"
    },
    {
      "cve": "CVE-2016-8623",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8623"
    },
    {
      "cve": "CVE-2016-8624",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8624"
    },
    {
      "cve": "CVE-2016-8625",
      "notes": [
        {
          "category": "description",
          "text": "In cURL existieren elf Schwachstellen. Ein anonymer, entfernter Angreifer kann diese Schwachstellen nutzen, um das System zum Absturz zu bringen, um Informationen aus den Cookies offenzulegen, um den Benutzer falsche Informationen darzustellen und sich als ein Benutzer auszugeben."
        }
      ],
      "product_status": {
        "known_affected": [
          "131442",
          "T011119",
          "2951",
          "T001723",
          "T002207",
          "67646",
          "T000125",
          "T001720",
          "T028404",
          "T001663",
          "T004914"
        ],
        "last_affected": [
          "T008455"
        ]
      },
      "release_date": "2016-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-8625"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8621 (GCVE-0-2016-8621)

WID-SEC-W-2023-1652

Tags

Sightings

Nomenclature