CURL-CVE-2016-9953
- Source
- https://curl.se/docs/CVE-2016-9953.html
- Import Source
- https://curl.se/docs/CURL-CVE-2016-9953.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2016-9953
- Aliases
- Published
- 2016-12-21T08:00:00Z
- Modified
- 2026-05-27T02:29:31.601332Z
- Summary
- Win CE Schannel cert name out of buffer read
- Details
-
curl's TLS server certificate checks are flawed on Windows CE.
This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name (as returned by the Windows API function
CertGetNameString()to the hostname used to make the connection to the server.The pattern matching logic exhibits an out of bounds read. If the wildcard certificate name field is longer than the connection hostname, the wildcard comparison code performs an access out of bounds of the connection hostname heap based buffer. This issue could technically leak the contents of memory immediately preceding the connection hostname buffer, a crash or at worst happen to match against another piece of data.
- Database specific
{ "severity": "Medium", "www": "https://curl.se/docs/CVE-2016-9953.html", "CWE": { "id": "CWE-126", "desc": "Buffer Over-read" }, "URL": "https://curl.se/docs/CVE-2016-9953.json", "affects": "both", "package": "curl", "last_affected": "7.51.0" }- References
-
- Credits
-
-
- Dan McNulty - FINDER
-
- Dan McNulty - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.27.0Fixed7.52.0
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
Other
curl-7_27_0
curl-7_28_0
curl-7_28_1
curl-7_29_0
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_42_1
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
Database specific
source
"https://curl.se/docs/CURL-CVE-2016-9953.json"
vanir_signatures_modified
"2026-05-27T02:29:31Z"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/curl/curl.git/commit/0354eed41085baa5ba8777019ebf5e9ef32c001d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"205524922427009142092329746194296301296",
"199659484685953394476033780694048256086",
"319454527912153297534765653237737497323"
]
},
"id": "CURL-CVE-2016-9953-5d6d422e",
"deprecated": false,
"target": {
"file": "lib/hostcheck.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/curl/curl.git/commit/0354eed41085baa5ba8777019ebf5e9ef32c001d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"150098010871299960967475825459014413254",
"29482216659984255030632284885423130433",
"139513438769375594031498428448794543102",
"255506940907250927765238784898403167439",
"16528875991472234044274747557173461744",
"7585438710479537423389574216818287957",
"199125231797015778425215502061839063177",
"59653889706459305929517045759832339130",
"196118495901722409444921193248981049467",
"206118816515092965637520181877671786992",
"52196858378859519895859308658981567416",
"24208365013052622297812436567507976368",
"139561215638307207349461995898958836595",
"264255290954398595448474109450262938898",
"332045508952663816023019178451836265184",
"181488783880319831691898170345313222653",
"234956634999927652043651192778338038662",
"215483567212584823736504756699492061783",
"156415346622443238952689757478762018452",
"24622318950237847393734259369763690665",
"311072773299183515631733677707820851786",
"218476483258085751932422448802479165563",
"217883539291417928317649107871075605553",
"167379855311811115423431505494861739463",
"107589647177978306638443563084373231366",
"28538989716414364987854802797590259542",
"46693703378782683166813180100774641054",
"148271529755481847727773103124516167164",
"177656538706772507547214640830132217648",
"148253337416564344661637505823147719146",
"315143373619755128458417047816135754896",
"316883128114283500964648272248806350592",
"106895595920883778487462263390604852785",
"245564581841782007827293308528463668887",
"171403060266897201546874415986419373304",
"247042799669432097322078161036513765338",
"158058238526733558160436843435885493942",
"207666221599029234538185429343527587964",
"142157709541637984123268259806548525339"
]
},
"id": "CURL-CVE-2016-9953-9e335752",
"deprecated": false,
"target": {
"file": "lib/vtls/schannel.c"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/curl/curl.git/commit/0354eed41085baa5ba8777019ebf5e9ef32c001d",
"digest": {
"function_hash": "332428641151424337988063638128373931609",
"length": 3031.0
},
"id": "CURL-CVE-2016-9953-b7068b8a",
"deprecated": false,
"target": {
"file": "lib/vtls/schannel.c",
"function": "verify_certificate"
}
}
]