Bug 1408385 (CVE-2016-9594) - CVE-2016-9594 curl: Uninitialized random
Summary: CVE-2016-9594 curl: Uninitialized random
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-9594
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-12-23 08:33 UTC by Andrej Nemec
Modified: 2021-02-17 02:50 UTC

Fixed In Version: curl 7.52.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-23 08:34:22 UTC
Embargoed:



Description Andrej Nemec 2016-12-23 08:33:06 UTC
libcurl's (new) internal function that returns a good 32-bit random value was
implemented poorly and overwrote the pointer instead of writing the value into
the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM
authentication, for generating boundary strings in HTTP formposts and
more. Having a weak or virtually non-existent random there makes these
operations vulnerable.

This function is brand new in 7.52.0.

External References:

https://curl.haxx.se/docs/adv_20161223.html

Upstream patch:

https://curl.haxx.se/CVE-2016-9594.patch
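
The bug class named in the description, as an added C illustration (not curl's source and not the upstream patch): a wrapper that hands the address and size of the pointer itself to the random source, next to the corrected form, with a sentinel check that tells them apart. The names `backend_random`, `rand32_buggy`, `rand32_fixed` and `count_unwritten` are hypothetical, and the byte source is a constructed, predictable stand-in so the result is reproducible.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a TLS backend's random source. The bytes are
   constructed and predictable (NOT secure); consecutive bytes always differ,
   so a written value can never equal the 0xA5A5A5A5 sentinel used below. */
static unsigned int ctr;
static int backend_random(unsigned char *buf, size_t len)
{
  size_t i;
  for(i = 0; i < len; i++)
    buf[i] = (unsigned char)(++ctr * 37u);
  return 0;
}

/* Bug pattern: &rnd and sizeof(rnd) describe the POINTER, so the bytes land
   in this function's local copy of the pointer. The caller's integer is never
   written, yet the function still reports success. */
static int rand32_buggy(unsigned int *rnd)
{
  return backend_random((unsigned char *)&rnd, sizeof(rnd));
}

/* Corrected form: write sizeof(*rnd) bytes into the buffer rnd points to. */
static int rand32_fixed(unsigned int *rnd)
{
  return backend_random((unsigned char *)rnd, sizeof(*rnd));
}

/* Regression check: preset a sentinel, draw n values, and count how many
   outputs were left untouched (or came back with an error). */
static int count_unwritten(int (*fn)(unsigned int *), int n)
{
  int i, unwritten = 0;
  for(i = 0; i < n; i++) {
    unsigned int v = 0xA5A5A5A5u;
    if(fn(&v) != 0 || v == 0xA5A5A5A5u)
      unwritten++;
  }
  return unwritten;
}

int main(void)
{
  printf("buggy: %d of 16 outputs untouched\n", count_unwritten(rand32_buggy, 16));
  printf("fixed: %d of 16 outputs untouched\n", count_unwritten(rand32_fixed, 16));
  return 0;
}
```

Because the buggy wrapper returns success, callers that build nonces or boundary strings from the output end up using whatever their variable held before the call, which is why a sentinel test catches it when a return-code check does not.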

Comment 1 Andrej Nemec 2016-12-23 08:33:34 UTC
Acknowledgments:

Name: Kamil Dudka (Red Hat)

Comment 2 Andrej Nemec 2016-12-23 08:34:22 UTC
Vulnerable version is not shipped anywhere across our products.

