curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-04-23T18:00:00

Updated: 2024-08-06T02:59:02.246Z

Reserved: 2016-11-23T00:00:00

Link: CVE-2016-9586

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-04-23T18:29:00.537

Modified: 2024-11-21T03:01:26.577

Link: CVE-2016-9586

cve-icon Redhat

Severity : Low

Publid Date: 2016-12-21T00:00:00Z

Links: CVE-2016-9586 - Bugzilla