PT-2016-7521 · Curl+3
Andrej Nemec · Published 2016-11-02 · Updated 2026-05-18 · CVE-2016-8615
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
curl versions prior to 7.51
Description
A malicious HTTP server can inject new cookies for arbitrary domains into a cookie jar file. This occurs when the cookie state is written into the cookie jar file and later read back for subsequent requests. The issue is in the function that loads cookies into memory, which uses the fgets() function to read the specified file line by line into a fixed-size buffer. If a line is longer than the buffer, fgets() returns only the part that fits and the rest is read as if it were a new line. A very long cookie sent by a malicious server and stored in the file can therefore be crafted so that part of it is treated as a different cookie for another server.
Recommendations
For versions prior to 7.51, consider disabling the use of cookie jar files until a patch is available. As a temporary workaround, restrict the use of the fgets() function when loading cookies into memory to minimize the risk of exploitation. Avoid using cookie jar files that may have been compromised by a malicious HTTP server.
Fix
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Curl
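The fgets() truncation described under Description, as an added example that is not curl's code or its actual patch: a naive line loader counts the tail of an over-long line as extra records, while a strict loader discards the whole line. The buffer size, function names and sample file contents are assumptions constructed for this demonstration.

```c
#include <stdio.h>
#include <string.h>
#define LINE_BUF 64 /* assumed demo size, not curl's real buffer size */

/* Naive loader: every fgets() chunk is counted as one complete record. */
static int count_naive(FILE *fp) {
    char buf[LINE_BUF];
    int n = 0;
    while (fgets(buf, sizeof buf, fp)) n++;
    return n;
}

/* Strict loader: a full buffer with no '\n' means the line did not fit; drop it all. */
static int count_strict(FILE *fp, int *dropped) {
    char buf[LINE_BUF];
    int n = 0, skipping = 0;
    *dropped = 0;
    while (fgets(buf, sizeof buf, fp)) {
        size_t len = strlen(buf);
        int complete = len > 0 && buf[len - 1] == '\n';
        if (skipping) { skipping = !complete; continue; } /* tail of long line */
        if (!complete && len == sizeof buf - 1) {
            skipping = 1; (*dropped)++;  /* over-long line: reject, skip its tail */
            continue;
        }
        n++;
    }
    return n;
}

/* Constructed sample jar: two short records around one 150-byte line. */
static int run_demo(int *naive, int *strict, int *dropped) {
    FILE *fp = tmpfile();
    if (!fp) return -1;
    fputs("short-record-1\n", fp);
    for (int i = 0; i < 150; i++) fputc('x', fp);
    fputs("\nshort-record-2\n", fp);
    rewind(fp);
    *naive = count_naive(fp);
    rewind(fp);
    *strict = count_strict(fp, dropped);
    fclose(fp);
    return 0;
}

int main(void) {
    int a, b, d;
    if (run_demo(&a, &b, &d)) return 1;
    printf("naive=%d strict=%d dropped=%d\n", a, b, d);
    return 0;
}
```

On the constructed file the naive loader reports 5 records for 3 physical lines, while the strict loader reports 2 records and 1 dropped line.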