Vulnerability CVE-2016-9594: Information

Description

curl before version 7.52.1 is vulnerable to an uninitialized random value in libcurl's internal function that is meant to return a good 32-bit random value. A weak or virtually non-existent random value makes the operations that use it vulnerable.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: April 23, 2018
Modified: Nov. 7, 2023
Error type identifier: CWE-665

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://curl.haxx.se/docs/adv_20161223.html | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594 | Issue Tracking, Third Party Advisory |
| https://www.tenable.com/security/tns-2017-04 | Third Party Advisory |
| GLSA-201701-47 | Third Party Advisory |
| 1037528 | VDB Entry, Third Party Advisory |
| 95094 | Third Party Advisory, VDB Entry |

Configuration 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
End excluding: 7.52.1