CVE-2016-8623 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads.
When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That function however only returns a list with references back to the original strings for name, value, path and so on. Therefore, if another thread quickly takes the lock and frees one of the original cookie structs together with its strings, a use-after-free can occur possibly leading to arbitrary code execution. Another thread can also replace the contents of the cookies from separate HTTP responses or API calls.
Group Package Affected Fixed Severity Status Ticket
AVG-66 lib32-libcurl-gnutls 7.50.3-1 7.51.0-1 High Fixed
AVG-65 libcurl-gnutls 7.50.3-1 7.51.0-1 High Fixed
AVG-63 lib32-libcurl-compat 7.50.3-1 7.51.0-1 High Fixed
AVG-62 libcurl-compat 7.50.3-1 7.51.0-1 High Fixed
AVG-61 lib32-curl 7.50.3-1 7.51.0-1 High Fixed
AVG-60 curl 7.50.3-1 7.51.0-1 High Fixed
Date Advisory Group Package Severity Description
03 Nov 2016 ASA-201611-9 AVG-65 libcurl-gnutls High multiple issues
03 Nov 2016 ASA-201611-8 AVG-62 libcurl-compat High multiple issues
03 Nov 2016 ASA-201611-7 AVG-60 curl High multiple issues
02 Nov 2016 ASA-201611-5 AVG-63 lib32-libcurl-compat High multiple issues
02 Nov 2016 ASA-201611-4 AVG-61 lib32-curl High multiple issues
03 Nov 2016 ASA-201611-10 AVG-66 lib32-libcurl-gnutls High multiple issues
References
https://curl.haxx.se/docs/adv_20161102I.html