curl: printf floating point buffer overflow (CVE-2016-9586)
libcurl’s implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes.
Affected versions:
libcurl 7.1 to and including 7.51.0
Fixed in:
libcurl 7.52.0 (note that 7.52.0 introduces a new vulnerability: https://curl.haxx.se/docs/adv_20161223.html)
References:
https://curl.haxx.se/docs/adv_20161221A.html
http://seclists.org/oss-sec/2016/q4/719
Patch:
https://curl.haxx.se/CVE-2016-9586.patch
(from redmine: issue id 6598, created on 2016-12-29, closed on 2017-01-10)
- Relations:
- child #6599 (closed)
- child #6600 (closed)
- child #6601 (closed)
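
The condition in the description (a floating point conversion that outputs more than 255 bytes), shown as an added C example that is not curl's code and not part of the original report: it measures what a `%f` conversion would produce and formats into a fixed buffer only when the result fits. The 256-byte `WORK_SIZE` and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed work buffer size: room for 255 output bytes plus the NUL. */
#define WORK_SIZE 256

/* Number of bytes a "%.*f" conversion would produce, excluding the NUL.
   snprintf with a zero-size buffer only measures; it writes nothing. */
int float_output_len(double value, int precision)
{
    return snprintf(NULL, 0, "%.*f", precision, value);
}

/* Bounded conversion. Returns the length written, or -1 when the output
   does not fit in out_size bytes; on -1, out holds an empty string. */
int format_float_bounded(char *out, size_t out_size, double value, int precision)
{
    int n;

    if (out == NULL || out_size == 0 || precision < 0)
        return -1;
    n = snprintf(out, out_size, "%.*f", precision, value);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';          /* never hand back a truncated number */
        return -1;
    }
    return n;
}

int main(void)
{
    char work[WORK_SIZE];
    /* Constructed inputs: a huge magnitude and a huge precision both
       push the conversion past 255 bytes. */
    double values[] = { 1.5, 1e300, 0.5 };
    int precisions[] = { 2, 0, 300 };
    size_t i;

    for (i = 0; i < sizeof values / sizeof values[0]; i++) {
        int need = float_output_len(values[i], precisions[i]);
        int got = format_float_bounded(work, sizeof work,
                                       values[i], precisions[i]);
        printf("needs %d bytes, bounded formatter returned %d\n", need, got);
    }
    return 0;
}
```
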