CVE-2016-8618 - log back

CVE-2016-8618 created at 25 Sep 2019 19:31:40
+ High
+ Remote
+ Arbitrary code execution
+ The libcurl API function called curl_maprintf() can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables. The function is also used internally in numerous situations.
+ The function doubles an allocated memory area with realloc() and allows the size to wrap and become zero and when doing so realloc() returns NULL and frees the memory - in contrary to normal realloc() fails where it only returns NULL - causing libcurl to free the memory again in the error path.
+ This behavior is triggerable using the publicly exposed function. Systems with 64 bit versions of the size_t type are not affected by this issue.