PT-2017-18552 · Curl+1 · Libcurl+1

John Schoenick · Published 2017-11-29 · Updated 2026-05-18 · CVE-2017-8818

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libcurl versions prior to 7.57.0

Description

The issue is related to an out-of-bounds access flaw in SSL-related code. When allocating memory for a connection, the math used to calculate the extra memory amount necessary for the SSL library was incorrect on 32-bit systems, resulting in too little memory being allocated. This could lead to a crash or other undefined behaviors when accessing the last struct member of the last object within the memory area. The vulnerability is specifically present in 32-bit builds where sizeof(long long *) < sizeof(long long).

Recommendations

For versions prior to 7.57.0, update to version 7.57.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of SSL-related functions in libcurl on 32-bit platforms until a patch is available.

Fix

DoS

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2714
ALT-PU-2018-2456
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2017-8818
OPENSUSE-SU-2024:10582-1

Affected Products

Alt Linux
Libcurl