CVE-2016-10585

Name of the Vulnerable Software and Affected Versions libxl (affected versions not specified)

Description The issue concerns the insecure download of resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts and alters the downloaded zip file. The vulnerability exploits the lack of encryption in the HTTP connection, allowing an attacker with a privileged network position to replace the executable with a malicious one, resulting in code execution on the system running libxl.

Recommendations For all affected versions, consider installing the bindings using a pinned and verified version of the SDK instead of the automated download to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.