CVE-2016-8620 in Ubuntu

CVE-2016-8620

Priority

Description

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads
to integer overflow and out-of-bounds read via user controlled input.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
https://curl.haxx.se/docs/adv_20161102F.html
https://ubuntu.com/security/notices/USN-3123-1

Assigned-to

mdeslaur

Notes

mdeslaur

curl 7.34.0 to and including 7.50.3

Package

Source: curl (LP Ubuntu Debian)

Upstream:	released (7.51.0)
Ubuntu 16.04 ESM:	released (7.47.0-1ubuntu2.2)
Ubuntu 14.04 ESM:	released (7.35.0-1ubuntu2.10)

Patches:

More Information

Updated: 2022-04-13 12:40:54 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)