Vulnerability DatabaseCVE-2016-8622
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2016-8622
Published:July 31, 2018
Updated:May 17, 2026
The URL percent-encoding decode function in libcurl before 7.51.0 is called "curl_easy_unescape". Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
Related Resources (12)
https://www.tenable.com/security/tns-2016-21
https://security-tracker.debian.org/tracker/CVE-2016-8622
http://www.securitytracker.com/id/1037192
https://curl.haxx.se/docs/adv_20161102H.html
https://security.gentoo.org/glsa/201701-47
https://people.canonical.com/~ubuntu-security/cve/CVE-2016-8622
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:3558
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622
http://www.securityfocus.com/bid/94105
https://access.redhat.com/security/cve/CVE-2016-8622
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Integer Overflow or Wraparound
CWE-190
Out-of-bounds Write
CWE-787
Heap-based Buffer Overflow
CWE-122
EPSS
Base Score:
1.71