PT-2016-7529 · Curl+3

Padma81 · Published 2016-11-02 · Updated 2026-05-18 · CVE-2016-8623

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

curl versions prior to 7.51.0

Description

A flaw in the way curl handles cookies allows other threads to trigger a use-after-free, leading to information disclosure. This occurs because curl permits users to share cookies between multiple easy handles that are used concurrently by different threads. When cookies are collected to be sent to a server, the matching function returns a list with references to the original strings. If another thread quickly takes the lock and frees one of the original cookie structs together with its strings, a use-after-free can occur. Additionally, another thread can replace the contents of the cookies from separate HTTP responses or API calls.

Recommendations

For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider restricting concurrent access to shared cookies between multiple easy handles to minimize the risk of exploitation.
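
The failure mode in the description comes from handing out references to strings that another thread can free once the lock is released. The sketch below is an added illustration, not curl's code or its patch: a constructed cookie store (`struct jar`, `jar_set`, `jar_remove` and `jar_get_copy` are hypothetical names) whose lookup copies the value while the lock is held, so a later removal cannot invalidate what the caller holds.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a shared cookie store; not curl's data structures. */
struct cookie { char *name; char *value; struct cookie *next; };
struct jar { pthread_mutex_t lock; struct cookie *head; };

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Add a cookie; the jar owns its own copies of name and value. */
int jar_set(struct jar *j, const char *name, const char *value) {
    struct cookie *c = malloc(sizeof *c);
    if (!c) return -1;
    c->name = dup_str(name);
    c->value = dup_str(value);
    if (!c->name || !c->value) { free(c->name); free(c->value); free(c); return -1; }
    pthread_mutex_lock(&j->lock);
    c->next = j->head; j->head = c;
    pthread_mutex_unlock(&j->lock);
    return 0;
}

/* Remove and free a cookie, as another thread sharing the jar might do. */
void jar_remove(struct jar *j, const char *name) {
    pthread_mutex_lock(&j->lock);
    for (struct cookie **pp = &j->head; *pp; pp = &(*pp)->next) {
        if (strcmp((*pp)->name, name) != 0) continue;
        struct cookie *dead = *pp;
        *pp = dead->next;
        free(dead->name); free(dead->value); free(dead);
        break;
    }
    pthread_mutex_unlock(&j->lock);
}

/* Safe lookup: copy under the lock so the caller never points into jar storage. Caller frees. */
char *jar_get_copy(struct jar *j, const char *name) {
    char *out = NULL;
    pthread_mutex_lock(&j->lock);
    for (struct cookie *c = j->head; c; c = c->next)
        if (strcmp(c->name, name) == 0) { out = dup_str(c->value); break; }
    pthread_mutex_unlock(&j->lock);
    return out;
}
```

Initialise `lock` with `PTHREAD_MUTEX_INITIALIZER` or `pthread_mutex_init` before the first call.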

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2016-2231
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2016-8623
DLA-711-1
DSA-3705-1
MGASA-2018-0053
OPENSUSE-SU-2016_2768-1
OPENSUSE-SU-2024:10303-1
RHSA-2018:3558
SUSE-SU-2016:2699-1
SUSE-SU-2016:2700-1
SUSE-SU-2016:2714-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-3123-1

Affected Products

Alt Linux
Suse
Ubuntu
Curl