CVE-2016-8621 MEDIUM

CVE-2016-8621

Vendor The Curl Project
Product curl
Weakness CWE-125
Published July 31, 2018
Last update April 16, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

Key dates

02Disclosure timeline

July 31, 2018 CVE published
April 16, 2026 Record updated