vulnerability
Arch Linux: Arbitrary code execution (CVE-2016-8623)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 1, 2018 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 1, 2018
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads.
When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That function however only returns a list with references back to the original strings for name, value, path and so on. Therefore, if another thread quickly takes the lock and frees one of the original cookie structs together with its strings, a use-after-free can occur possibly leading to arbitrary code execution. Another thread can also replace the contents of the cookies from separate HTTP responses or API calls.
When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That function however only returns a list with references back to the original strings for name, value, path and so on. Therefore, if another thread quickly takes the lock and frees one of the original cookie structs together with its strings, a use-after-free can occur possibly leading to arbitrary code execution. Another thread can also replace the contents of the cookies from separate HTTP responses or API calls.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.