CVE-2016-9953
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
Timeline
- 2016-12-15 CVE Reserved
- 2018-03-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-125: Out-of-bounds Read
References (2)
URL | Date | SRC |
---|---|---|
https://curl.haxx.se/CVE-2016-9952.patch | 2023-12-15 | |
https://curl.haxx.se/docs/adv_20161221C.html | 2023-12-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Haxx | Curl | >= 7.30.0 <= 7.51.0 | - | Affected |
in: Microsoft | Windows Embedded Compact | - | - | Safe |