Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2016-7167First vendor Publication2016-10-07
VendorCveLast vendor Modification2018-11-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167

CWE : Common Weakness Enumeration

%idName
100 %CWE-190Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application132
Os3

Nessus® Vulnerability Scanner

DateDescription
2018-11-07Name : The remote Debian host is missing a security update.
File : debian_DLA-1568.nasl - Type : ACT_GATHER_INFO
2017-08-25Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-2016.nasl - Type : ACT_GATHER_INFO
2017-08-22Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170801_curl_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-09Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-2016.nasl - Type : ACT_GATHER_INFO
2017-08-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2016.nasl - Type : ACT_GATHER_INFO
2017-05-01Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1035.nasl - Type : ACT_GATHER_INFO
2017-05-01Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1036.nasl - Type : ACT_GATHER_INFO
2017-01-20Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-47.nasl - Type : ACT_GATHER_INFO
2016-12-16Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_12_2.nasl - Type : ACT_GATHER_INFO
2016-11-15Name : The remote Fedora host is missing a security update.
File : fedora_2016-08533fc59c.nasl - Type : ACT_GATHER_INFO
2016-11-14Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1280.nasl - Type : ACT_GATHER_INFO
2016-11-04Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2714-1.nasl - Type : ACT_GATHER_INFO
2016-11-04Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3123-1.nasl - Type : ACT_GATHER_INFO
2016-11-03Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2699-1.nasl - Type : ACT_GATHER_INFO
2016-10-06Name : The remote Fedora host is missing a security update.
File : fedora_2016-80f4f71eff.nasl - Type : ACT_GATHER_INFO
2016-09-28Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-742.nasl - Type : ACT_GATHER_INFO
2016-09-19Name : The remote Debian host is missing a security update.
File : debian_DLA-625.nasl - Type : ACT_GATHER_INFO
2016-09-16Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-259-01.nasl - Type : ACT_GATHER_INFO
2016-09-16Name : The remote Fedora host is missing a security update.
File : fedora_2016-7a2ed52d41.nasl - Type : ACT_GATHER_INFO
2016-09-15Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b018121b7a4b11e6bf52b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/92975
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://curl.haxx.se/docs/adv_20160914.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
GENTOO https://security.gentoo.org/glsa/201701-47
MLIST https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
REDHAT https://access.redhat.com/errata/RHSA-2017:2016
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:3558
SECTRACK http://www.securitytracker.com/id/1036813
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
DateInformations
2018-11-13 17:19:22
  • Multiple Updates
2018-11-07 17:20:09
  • Multiple Updates
2018-10-17 09:20:19
  • Multiple Updates
2018-08-17 17:19:30
  • Multiple Updates
2018-03-05 01:01:20
  • Multiple Updates
2018-01-05 09:23:55
  • Multiple Updates
2017-11-02 12:04:54
  • Multiple Updates
2017-08-26 13:24:55
  • Multiple Updates
2017-08-23 13:25:04
  • Multiple Updates
2017-08-10 13:25:16
  • Multiple Updates
2017-08-03 13:24:45
  • Multiple Updates
2017-07-01 09:23:44
  • Multiple Updates
2017-05-02 13:24:37
  • Multiple Updates
2017-01-21 13:22:46
  • Multiple Updates
2016-12-17 13:23:50
  • Multiple Updates
2016-11-16 13:26:22
  • Multiple Updates
2016-11-15 13:25:42
  • Multiple Updates
2016-11-05 13:24:39
  • Multiple Updates
2016-11-04 13:25:43
  • Multiple Updates
2016-10-11 17:22:56
  • Multiple Updates
2016-10-07 21:25:18
  • First insertion