Executive Summary

Information
Name : CVE-2016-9586
First vendor Publication : 2018-04-23
Vendor : Cve
Last vendor Modification : 2018-11-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If any application accepts a format string from the outside without the necessary input filtering, it could allow remote attacks.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

CWE : Common Weakness Enumeration

% : 100 %
Id : CWE-119
Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Application
Count : 132

Nessus® Vulnerability Scanner

Date / Description
2018-11-07 Name : The remote Debian host is missing a security update.
File : debian_DLA-1568.nasl - Type : ACT_GATHER_INFO
2018-10-26 Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1330.nasl - Type : ACT_GATHER_INFO
2018-07-03 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1202.nasl - Type : ACT_GATHER_INFO
2018-07-03 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1203.nasl - Type : ACT_GATHER_INFO
2017-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3441-1.nasl - Type : ACT_GATHER_INFO
2017-09-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2312-1.nasl - Type : ACT_GATHER_INFO
2017-07-25 Name : The remote host is missing a macOS or Mac OS X security update that fixes mul...
File : macosx_SecUpd2017-003.nasl - Type : ACT_GATHER_INFO
2017-04-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-513.nasl - Type : ACT_GATHER_INFO
2017-04-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1042-1.nasl - Type : ACT_GATHER_INFO
2017-04-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1043-1.nasl - Type : ACT_GATHER_INFO
2017-03-31 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_12_4.nasl - Type : ACT_GATHER_INFO
2017-03-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-806.nasl - Type : ACT_GATHER_INFO
2017-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-47.nasl - Type : ACT_GATHER_INFO
2017-01-03 Name : The remote Debian host is missing a security update.
File : debian_DLA-767.nasl - Type : ACT_GATHER_INFO
2017-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2016-86d2b5aefb.nasl - Type : ACT_GATHER_INFO
2016-12-28 Name : The remote Fedora host is missing a security update.
File : fedora_2016-edbb33ab2e.nasl - Type : ACT_GATHER_INFO
2016-12-22 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_42880202c81c11e6a9a5b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source / Url
BID http://www.securityfocus.com/bid/95019
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CONFIRM https://curl.haxx.se/docs/adv_20161221A.html
CONFIRM https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16
GENTOO https://security.gentoo.org/glsa/201701-47
MISC https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586
MLIST https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
REDHAT https://access.redhat.com/errata/RHSA-2018:3558
SECTRACK http://www.securitytracker.com/id/1037515

Alert History

Date / Information
2018-11-13 17:19:22
  • Multiple Updates
2018-11-07 17:20:09
  • Multiple Updates
2018-10-17 09:20:20
  • Multiple Updates
2018-05-24 21:19:52
  • Multiple Updates
2018-04-25 09:19:16
  • Multiple Updates
2018-04-24 00:19:17
  • First insertion