PT-2016-7528 · Curl+3 · Libcurl+3
Andrej Nemec · Published 2016-11-02 · Updated 2026-05-18 · CVE-2016-8622
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libcurl versions prior to 7.51.0
Description
The issue concerns the URL percent-encoding decode function in libcurl, internally known as curl_easy_unescape. This function can lead to libcurl writing outside of its heap-based buffer if it attempts to allocate a destination buffer larger than 2 GB, because the length is returned in a signed 32-bit integer variable and can therefore be truncated or become negative. The problem can be triggered by a user on a 64-bit system if they can send a custom, very large URL to a libcurl-using program.
Recommendations
For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider restricting the size of URLs that can be processed by libcurl to prevent the curl_easy_unescape function from attempting to allocate excessively large buffers.
Fix
Heap Based Buffer Overflow
Integer Overflow
Memory Corruption
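The workaround from the recommendations, sketched as an added example (not code from libcurl or from this advisory): a stand-alone percent-decoder that caps URL size and refuses any length that cannot be held in a signed int before it allocates. The names checked_unescape and MAX_URL_LEN and the 8 KiB cap are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical application cap on URL size (the workaround). The 8 KiB
 * value is an assumption, not a libcurl constant. */
#define MAX_URL_LEN ((size_t)8192)

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode url[0..len). Returns a malloc'd NUL-terminated buffer and
 * stores the decoded length in *outlen, or returns NULL when the input
 * exceeds the cap or its length cannot be represented in an int. */
char *checked_unescape(const char *url, size_t len, int *outlen)
{
    if (url == NULL || outlen == NULL) return NULL;
    /* Reject before allocating: a length above INT_MAX would be truncated
     * or turn negative when stored in a signed 32-bit int. */
    if (len > MAX_URL_LEN || len > (size_t)INT_MAX) return NULL;

    char *out = malloc(len + 1);   /* decoded output never exceeds input */
    if (out == NULL) return NULL;

    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        int hi = -1, lo = -1;
        if (url[i] == '%' && len - i >= 3 &&
            (hi = hexval((unsigned char)url[i + 1])) >= 0 &&
            (lo = hexval((unsigned char)url[i + 2])) >= 0) {
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = url[i];     /* literal byte or malformed escape */
        }
    }
    out[o] = '\0';
    *outlen = (int)o;              /* safe: o <= len <= INT_MAX */
    return out;
}
```

The length checks run before the input is read, so an oversized request is rejected without touching the buffer.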
Related identifiers
Affected products
Alt Linux
Suse
Ubuntu
Libcurl