CURL-CVE-2016-8615

Source
https://curl.se/docs/CVE-2016-8615.html
Import Source
https://curl.se/docs/CURL-CVE-2016-8615.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2016-8615
Aliases
Published
2016-11-02T08:00:00Z
Modified
2024-01-16T03:42:44.432359Z
Summary
cookie injection for other servers
Details

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

The issue pertains to the function that loads cookies into memory, which reads the specified file into a fixed-size buffer in a line-by-line manner using the fgets() function. If an invocation of fgets() cannot read the whole line into the destination buffer due to it being too small, it truncates the output. This way, a very long cookie (name + value) sent by a malicious server would be stored in the file and subsequently that cookie could be read partially and crafted correctly, it could be treated as a different cookie for another server.

References
Credits
    • Cure53 - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
4.9
Fixed
7.51.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

4.*

4.10
4.9

5.*

5.0
5.10
5.11
5.2
5.2.1
5.3
5.4
5.5
5.5.1
5.7
5.7.1
5.8
5.9
5.9.1

6.*

6.0
6.1
6.2
6.3
6.3.1
6.4
6.5
6.5.1
6.5.2

7.*

7.1
7.1.1
7.10
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.2
7.2.1
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.3
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.4
7.4.1
7.4.2
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.5
7.5.1
7.5.2
7.50.0
7.50.1
7.50.2
7.50.3
7.6
7.6.1
7.7
7.7.1
7.7.2
7.7.3
7.8
7.8.1
7.9
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.9.8