What is CVE-2016-8616?

CVE-2016-8616 is a low-severity vulnerability in The Curl Project, classified under CWE-592. CVSS score: 3.7/10. Published 2018-08-01.

How severe is CVE-2016-8616?

Low severity. CVSS v3 base score is 3.7 out of 10.

Is CVE-2016-8616 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in The Curl Project

CVE-2016-8616

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials…

EPSS: 0.045 (89.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

The Curl Project — versions 7.51.0

Weakness classification (CWE)

CWE-592

Public proof-of-concept exploits

References

94094 (vdb-entry, x_refsource_BID)
RHSA-2018:3558 (x_refsource_REDHAT, vendor-advisory)
curl.haxx.se/docs/adv_20161102B.html (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
curl.haxx.se/CVE-2016-8616.patch (x_refsource_CONFIRM)
www.tenable.com/security/tns-2016-21 (x_refsource_CONFIRM)
1037192 (vdb-entry, x_refsource_SECTRACK)
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (x_refsource_CONFIRM)
RHSA-2018:2486 (x_refsource_REDHAT, vendor-advisory)
GLSA-201701-47 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2016-8616?: CVE-2016-8616 is a low-severity vulnerability in The Curl Project, classified under CWE-592. CVSS score: 3.7/10. Published 2018-08-01.
How severe is CVE-2016-8616?: Low severity. CVSS v3 base score is 3.7 out of 10.
Is CVE-2016-8616 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.