{"id":"MGASA-2016-0316","summary":"Updated curl packages fix security vulnerability","details":"The four libcurl functions curl_escape(), curl_easy_escape(),\ncurl_unescape and curl_easy_unescape perform string URL percent escaping\nand unescaping. They accept custom string length inputs in signed integer\narguments. The provided string length arguments were not properly checked\nand due to arithmetic in the functions, passing in the length 0xffffffff\n(2^32-1 or UINT_MAX or even just -1) would end up causing an allocation of\nzero bytes of heap memory that curl would attempt to write gigabytes of\ndata into (CVE-2016-7167).\n","modified":"2026-01-30T18:58:14.308040Z","published":"2016-09-21T20:38:22Z","related":["CVE-2016-7167"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0316.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19360"},{"type":"REPORT","url":"https://curl.haxx.se/docs/adv_20160914.html"}],"affected":[{"package":{"name":"curl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.40.0-3.5.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0316.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}