CURL-CVE-2016-9594

See a problem?
Source
https://curl.se/docs/CVE-2016-9594.html
Import Source
https://curl.se/docs/CURL-CVE-2016-9594.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2016-9594
Aliases
Published
2016-12-23T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
uninitialized random
Details

libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable.

This function is brand new in 7.52.0 and is the result of an overhaul to make sure libcurl uses strong random as much as possible - provided by the backend TLS crypto libraries when present.

References
Credits
    • Kamil Dudka - FINDER
    • Kamil Dudka - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.52.0
Fixed
7.52.1
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
f682156a4fc6c43fb38db4abda49b9a1bc1ed368
Fixed
f81b2277a8e7e9ce8809ccd30c25b8aa72101215

Affected versions

7.*

7.52.0