CVE-2016-5421

Published: Aug 10, 2016Modified: May 6, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

Affected (9)

Products: Opensuse: Leap, Opensuse · Haxx: Libcurl · Canonical: Ubuntu Linux · +2 more

Show all products

Opensuse: Leap, Opensuse · Haxx: Libcurl · Canonical: Ubuntu Linux · Debian: Debian Linux · Fedoraproject: Fedora

2 products

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Libcurl	Up to 7.50.0

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Debian Debian Linux	Version 8.0
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24
Opensuse Opensuse	Version 13.2

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (30)

http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3638

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.securityfocus.com/bid/92306

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036536

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-3048-1

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3558

Source: secalert@redhat.com

Third Party Advisory

https://curl.haxx.se/docs/adv_20160803C.html

Source: secalert@redhat.com

MitigationVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201701-47

Source: secalert@redhat.com

Third Party Advisory

https://source.android.com/security/bulletin/2016-12-01.html

Source: secalert@redhat.com

Third Party Advisory

https://www.tenable.com/security/tns-2016-18

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2016/dsa-3638

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/bid/92306

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036536

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-3048-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3558

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://curl.haxx.se/docs/adv_20160803C.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201701-47

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://source.android.com/security/bulletin/2016-12-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.tenable.com/security/tns-2016-18

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.