CVE-2016-5421

Summary

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

Impact & exploitability

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html ↗

Additional information

• NVD record
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch
• http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.htmlAdvisory
• http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.htmlAdvisory
• http://www.debian.org/security/2016/dsa-3638Advisory
• http://www.securityfocus.com/bid/92306Advisory
• http://www.securitytracker.com/id/1036536Advisory
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059Advisory
• http://www.ubuntu.com/usn/USN-3048-1Advisory