FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cURL -- buffer overflow

Affected packages
7.1 <= curl < 7.52

Details

VuXML ID 42880202-c81c-11e6-a9a5-b499baebfeaf
Discovery 2016-12-21
Entry 2016-12-22

The cURL project reports:

printf floating point buffer overflow

libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs whenthe conversion outputs more than 255 bytes.

References

CVE Name CVE-2016-9586
URL https://curl.haxx.se/docs/vuln-7.51.0.html