PT-2016-7527 · Curl+3
Andrej Nemec · Published 2016-11-02 · Updated 2026-05-18 · CVE-2016-8621
CVSS v3.1: 7.5 High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
curl versions prior to 7.51.0
Description
The curl_getdate function is vulnerable to an out-of-bounds read if it receives an input that is one digit short. The function converts a given date string into a numerical timestamp and supports various formats; it is also used internally when parsing HTTP cookies and conditional HTTP requests. The date parser uses the libc sscanf() function, which can parse strings in HH:MM or HH:MM:SS format. If the input string has its final digit cut off, the date parser code advances its read pointer one byte too far, resulting in an out-of-bounds read.
Recommendations
For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the curl_getdate function until a patch is available, and avoid calling curl_getdate with input strings that may have the final digit cut off.
Fix
Buffer Over-read
Out of bounds Read
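The parser pattern described above, as an added example that is not curl's own code: a fixed-width advance after sscanf() beside a hardened form that advances by the byte count sscanf() actually consumed (the %n remedy is an assumed hardening, not necessarily the exact patch shipped in 7.51.0; the sample inputs are constructed).

```c
#include <stdio.h>
#include <string.h>
/* Added illustration of the pattern described above, not curl's own code.
 * Both parsers read an HH:MM[:SS] prefix and return how many bytes to skip,
 * or -1 if nothing matched. */
/* Flawed: advance by the width the format could have matched. "%02d" accepts
 * one digit too, so "12:34:5" (7 bytes) matches and the +8 steps past the NUL. */
static int advance_fixed(const char *date, int *h, int *m, int *s)
{
    if (sscanf(date, "%02d:%02d:%02d", h, m, s) == 3)
        return 8;                           /* assumes full "HH:MM:SS" */
    if (sscanf(date, "%02d:%02d", h, m) == 2) {
        *s = 0;
        return 5;                           /* assumes full "HH:MM" */
    }
    return -1;
}

/* Hardened (assumed remedy, not necessarily curl's exact patch): have sscanf
 * report the bytes it actually consumed via %n and advance by that count. */
static int advance_counted(const char *date, int *h, int *m, int *s)
{
    int n = 0;
    if (sscanf(date, "%02d:%02d:%02d%n", h, m, s, &n) == 3)
        return n;
    n = 0;
    if (sscanf(date, "%02d:%02d%n", h, m, &n) == 2) {
        *s = 0;
        return n;
    }
    return -1;
}

/* 1 when an advance would move the read pointer beyond the terminating NUL. */
static int overshoots(const char *date, int advance)
{
    return advance > (int)strlen(date);
}

int main(void)
{
    const char *inputs[] = { "12:34:56", "12:34:5", "12:3" };   /* constructed */
    for (int i = 0; i < 3; i++) {
        int h, m, s, f = advance_fixed(inputs[i], &h, &m, &s);
        printf("%-9s fixed=%d%s counted=%d\n", inputs[i], f,
               overshoots(inputs[i], f) ? " (past NUL)" : "",
               advance_counted(inputs[i], &h, &m, &s));
    }
    return 0;
}
```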
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Curl