PT-2016-7788 · Curl+1 · Curl+1

Kamil Dudka · Published 2016-12-23 · Updated 2026-05-18 · CVE-2016-9594

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

curl versions prior to 7.52.1

Description

The issue arises from an uninitialized random value produced by an internal libcurl function. That value is used to generate nonces for Digest and NTLM authentication, boundary strings in HTTP formposts, and more. Because the value is weak or virtually non-random, the operations that rely on it are vulnerable. The internal function was implemented incorrectly: it overwrote the pointer instead of writing the value into the buffer the pointer pointed to.

Recommendations

For versions prior to 7.52.1, update to version 7.52.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of Digest and NTLM authentication, as well as HTTP formposts, until the fixed version is deployed.
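The bug class named in the Description, shown as an added illustration that is not libcurl's source code: a generator that writes into its own pointer parameter leaves the caller's buffer untouched, next to the corrected form. All names (`fill_bytes`, `rand_buggy`, `rand_fixed`, `nonce_with`, `STALE`) are hypothetical, and the byte source is a constructed stand-in for a real entropy source.

```c
#include <stddef.h>
#include <stdio.h>

#define STALE 0xAAAAAAAAu /* constructed: models leftover memory contents */

/* Constructed byte source standing in for a real entropy source. */
static void fill_bytes(unsigned char *dst, size_t len)
{
  static unsigned char ctr = 0x41;
  for(size_t i = 0; i < len; i++)
    dst[i] = ctr++;
}

/* Buggy: &rnd is the address of the local pointer variable, so the
   bytes overwrite the pointer itself and *rnd is never written. */
static void rand_buggy(unsigned int *rnd)
{
  fill_bytes((unsigned char *)&rnd, sizeof(*rnd));
}

/* Fixed: write through the pointer into the caller's buffer. */
static void rand_fixed(unsigned int *rnd)
{
  fill_bytes((unsigned char *)rnd, sizeof(*rnd));
}

/* Caller pattern: the value would later become a nonce or boundary. */
unsigned int nonce_with(void (*gen)(unsigned int *))
{
  /* An affected caller would leave v uninitialized; it is preset here
     so the demonstration has defined behaviour. */
  unsigned int v = STALE;
  gen(&v);
  return v;
}

int main(void)
{
  printf("buggy: %08x %08x\n",
         nonce_with(rand_buggy), nonce_with(rand_buggy));
  printf("fixed: %08x %08x\n",
         nonce_with(rand_fixed), nonce_with(rand_fixed));
  return 0;
}
```

The buggy variant returns the stale value on every call, which is why anything derived from it is predictable; a regression test can assert that the output buffer differs from its preset contents after the call.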

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Improper Initialization

Related identifiers

ALT-PU-2016-2479
ALT-PU-2018-2456
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2016-9594
OPENSUSE-SU-2024:10582-1

Affected products

Alt Linux
Curl