CVE-2016-8616 in Ubuntu

CVE-2016-8616

Priority

Description

A flaw was found in curl before version 7.51.0 When re-using a connection,
curl was doing case insensitive comparisons of user name and password with
the existing connections. This means that if an unused connection with
proper credentials exists for a protocol that has connection-scoped
credentials, an attacker can cause that connection to be reused if s/he
knows the case-insensitive version of the correct password.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
https://curl.haxx.se/docs/adv_20161102B.html
https://ubuntu.com/security/notices/USN-3123-1

Assigned-to

mdeslaur

Notes

Package

Source: curl (LP Ubuntu Debian)

Upstream:	released (7.51.0)
Ubuntu 16.04 ESM:	released (7.47.0-1ubuntu2.2)
Ubuntu 14.04 ESM:	released (7.35.0-1ubuntu2.10)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:40:43 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)