CVE-2016-9586

Priority
Low
Description
libcurl's implementation of the printf() functions triggers a buffer overflow
when doing a large floating point output. The bug occurs when the conversion
outputs more than 255 bytes.
This flaw does not exist in the command line tool.
References
Bugs
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream: released (7.52.0)
Ubuntu 17.10 (Artful Aardvark): not-affected (7.52.1-5ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): released (7.35.0-1ubuntu2.11)
Ubuntu Core 15.04: needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (7.47.0-1ubuntu2.3)
Ubuntu 17.04 (Zesty Zapus): not-affected (7.52.1-4ubuntu1.1)
Patches:
Upstream: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
Upstream: https://curl.haxx.se/CVE-2016-9586.patch
More Information

Updated: 2017-10-10 16:14:17 UTC (commit 13484)