PT-2016-7524 · Curl+3 · Libcurl+3
Andrej Nemec · Published 2016-11-02 · Updated 2026-05-18
CVE-2016-8618
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libcurl versions prior to 7.51.0
Description
The issue arises from an unsafe size_t multiplication in the curl_maprintf() function, which can be tricked into doing a double-free. This occurs on systems using 32-bit size_t variables. The function is used internally in numerous situations and can double an allocated memory area with realloc(), allowing the size to wrap and become zero. When this happens, realloc() returns NULL and frees the memory. If this error occurs, libcurl attempts to free the memory again, resulting in a double-free. Systems with 64-bit versions of the size_t type are not affected.
Recommendations
For versions prior to 7.51.0, consider disabling the curl_maprintf() function as a temporary workaround until a patch is available. Restrict the use of the curl_maprintf() function to minimize the risk of exploitation. Avoid using the curl_maprintf() function in situations where it may be triggered by an unsafe size_t multiplication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Double Free
Use After Free
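The size wrap from the Description, as an added C example that is not libcurl's own code: uint32_t models the 32-bit size_t, and struct dynbuf, unsafe_doubled() and dynbuf_grow() are hypothetical names. It shows the unchecked doubling reaching zero next to a checked growth routine that never passes a zero size to realloc() and leaves the caller as the single owner that frees the buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer type; uint32_t models a 32-bit size_t on any host. */
struct dynbuf { char *data; uint32_t alloc; };

/* Unchecked doubling: the size that would be handed to realloc(). */
uint32_t unsafe_doubled(uint32_t alloc) { return alloc * 2u; }

/* Checked growth: 0 on success, -1 on failure. On failure the buffer is
   untouched and still owned by the caller, so it is freed exactly once. */
int dynbuf_grow(struct dynbuf *b)
{
    if (b->alloc == 0 || b->alloc > UINT32_MAX / 2u)
        return -1;              /* doubling would wrap; never realloc(ptr, 0) */
    uint32_t want = b->alloc * 2u;
    char *p = realloc(b->data, want);
    if (p == NULL)
        return -1;              /* want > 0: the old block is still valid */
    b->data = p;
    b->alloc = want;
    return 0;
}

/* Constructed case: recorded capacity sits at the wrap point (2 GiB). */
int wrap_is_rejected(void)
{
    struct dynbuf b = { malloc(16), 0x80000000u };
    char *before = b.data;
    if (before == NULL) return 0;
    int ok = dynbuf_grow(&b) == -1 && b.data == before && b.alloc == 0x80000000u;
    free(b.data);               /* the only free on the error path */
    return ok;
}

/* Constructed case: ordinary growth succeeds and keeps the contents. */
int normal_growth_works(void)
{
    struct dynbuf b = { malloc(16), 16 };
    if (b.data == NULL) return 0;
    memcpy(b.data, "curl", 5);
    int ok = dynbuf_grow(&b) == 0 && b.alloc == 32 && strcmp(b.data, "curl") == 0;
    free(b.data);
    return ok;
}

int main(void) { return (wrap_is_rejected() && normal_growth_works()) ? 0 : 1; }
```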
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Libcurl