libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value into
the buffer the pointer pointed to.
This random value is used to generate nonces for Digest and NTLM
authentication, for generating boundary strings in HTTP formposts and
more. Having a weak or virtually non-existent random there makes these
This function is brand new in 7.52.0
Name: Kamil Dudka (Red Hat)
Vulnerable version is not shipped anywhere across our products.