The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
This build resolves the following issues:
CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-862 ...
The base64 encode function in curl before version 7510 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME` ...
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize:
malloc( insize * 4 / 3 + 4 )
On systems with 32-bit addresses in userspace (eg x86, ARM, x32), the multiplication in the expression wraps around if insize is at least 1GB of data If this happens, an undersized output buffer will be alloc ...
LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...