CVE-2016-5421

HIGH

Opensuse Leap < 7.50.0 - Use After Free

Title source: rule
STIX 2.1

Description

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3558
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2016-12-01.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92306
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3638
Mitigation, Vendor Advisory x_refsource_misc
https://curl.haxx.se/docs/adv_20160803C.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2016-18
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036536
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-47
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3048-1

Scores

CVSS v3 8.1
EPSS 0.0109
EPSS Percentile 78.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (9)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
fedoraproject/fedora 23
fedoraproject/fedora 24
haxx/libcurl < 7.50.0
opensuse/leap 42.1
opensuse/opensuse 13.2
Published Aug 10, 2016
Tracked Since Feb 18, 2026