PT-2016-7525 · Curl+3
Andrej Nemec · Published 2016-11-02 · Updated 2026-05-18 · CVE-2016-8619
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
curl versions prior to 7.51.0
Description
The issue arises from the read_data() function in security.c, which is used in curl's implementation of the Kerberos authentication mechanism. This function fails to ensure that the length parameter passed to realloc() is not set to 0 when reading length fields from the socket. As a result, realloc() may be called with a zero size, returning NULL and freeing the memory. In the error path, libcurl then attempts to free the memory again, leading to a double free. This flaw could be triggered by a malicious or ill-behaving server.
Recommendations
For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider disabling the read_data() function in security.c until a patch is available. Restrict access to the Kerberos authentication mechanism to minimize the risk of exploitation. Avoid using the read_data() function in the affected API endpoint until the issue is resolved.
Fix
Double Free
Use After Free
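The double-free condition from the Description, as an added C example (not curl's code and not its patch): a length-prefixed reader that rejects a zero length before calling realloc() and releases the buffer in one place. The struct, function names, return codes and the 1 MiB cap are assumptions made for illustration, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical receive buffer; names are illustrative, not curl's. */
struct rbuf { unsigned char *data; size_t size; };
enum { RB_OK = 0, RB_SHORT = -1, RB_BADLEN = -2, RB_NOMEM = -3 };
#define RB_MAX_LEN (1u << 20) /* assumed cap on a peer-supplied length */

/* Parse one record (4-byte big-endian length + payload) from `wire`,
 * a constructed stand-in for bytes read from the socket. */
int rbuf_read_record(struct rbuf *b, const unsigned char *wire, size_t n)
{
  uint32_t len;
  unsigned char *tmp;
  if(n < 4)
    return RB_SHORT;
  len = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
        ((uint32_t)wire[2] << 8) | (uint32_t)wire[3];
  /* Unsafe pattern: realloc(b->data, 0) may free b->data and return NULL,
   * and the error path then frees it again. Reject 0 before realloc(). */
  if(len == 0 || len > RB_MAX_LEN)
    return RB_BADLEN;
  if(n - 4 < len)
    return RB_SHORT;
  tmp = realloc(b->data, len);
  if(!tmp)
    return RB_NOMEM; /* size was nonzero, so b->data is still valid */
  b->data = tmp;
  memcpy(b->data, wire + 4, len);
  b->size = len;
  return RB_OK;
}

/* Single cleanup point: clearing the pointer makes a repeat call harmless. */
void rbuf_free(struct rbuf *b)
{
  free(b->data);
  b->data = NULL;
  b->size = 0;
}

int main(void)
{
  struct rbuf b = { NULL, 0 };
  const unsigned char zero[] = { 0, 0, 0, 0 }; /* constructed: length 0 */
  int rc = rbuf_read_record(&b, zero, sizeof zero);
  rbuf_free(&b);
  return rc == RB_BADLEN ? 0 : 1;
}
```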
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Curl