suse · CVE-2016-8616

Quick triage

Priority: low Published: 2021-05-30 13:46:45 UTC Updated: 2026-04-18 15:58:13 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-8616 severity low: SUSE including 334 source package names (0.9.1:libcurl4-7.37.0-31.1, 1.0.0:libcurl4-7.37.0-31.1, …), 397 product×package rows across 66 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (66 product lines)): Fixed 225, Known Affected 157, Known Not Affected 15.

Description:

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

cvelogic Threat Intelligence