CVE-2016-8623 LOW

CVE-2016-8623

Vendor The Curl Project
Product curl
Weakness CWE-416
Published August 1, 2018
Last update April 16, 2026

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.

Key dates

02Disclosure timeline

August 1, 2018 CVE published
April 16, 2026 Record updated