PT-2016-7522 · Curl+3 · Curl+3

Andrej Nemec

Published

2016-11-02

Updated

2026-05-18

CVE-2016-8616

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions curl versions prior to 7.51.0

Description A flaw was found in curl where it performed case-insensitive comparisons of username and password with existing connections when reusing a connection. This allows an attacker to reuse an existing connection with proper credentials for a protocol that has connection-scoped credentials, if they know the case-insensitive version of the correct password.

Recommendations For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider restricting the reuse of connections to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-178CWE-255CWE-592

Related Identifiers

ALT-PU-2016-2231

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2016-8616

DLA-711-1

DSA-3705-1

MGASA-2018-0053

OPENSUSE-SU-2016_2768-1

OPENSUSE-SU-2024:10303-1

RHSA-2018:3558

SUSE-SU-2016:2699-1

SUSE-SU-2016:2700-1

SUSE-SU-2016:2714-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3123-1

Affected Products

Alt Linux

Suse

Ubuntu

Curl

PT-2016-7522 · Curl+3 · Curl+3

CVE-2016-8616

Weakness Enumeration

Related Identifiers

Affected Products

References · 364