A remote attacker is able to execute arbitrary code on a target machine by sending crafted data to the server. In addition, the nonces generated by libcurl 7.52.0 were not truly random, which allowed for an attacker to derive sensitive information (e.g., session keys).