cvedb.io
CVE-2016-8622
LOW · CVSS 3.7
EPSS exploitation probability: 0%
Published 2018-07-31T21:29:00.317 · Last modified 2026-06-17T00:54:37.527

Summary

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

Affected products

haxx — libcurl

Does this affect you?

Add your gear to cvedb and we'll alert you only when haxx ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.