View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-8616 severity low: SUSE including 334 source package names (0.9.1:libcurl4-7.37.0-31.1, 1.0.0:libcurl4-7.37.0-31.1, …), 397 product×package rows across 66 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (66 product lines)): Fixed 225, Known Affected 157, Known Not Affected 15.
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.