{"id":"CURL-CVE-2016-8619","summary":"double free in krb5 code","details":"In curl's implementation of the Kerberos authentication mechanism, the\nfunction `read_data()` in security.c is used to fill the necessary krb5\nstructures. When reading one of the length fields from the socket, it fails to\nensure that the length parameter passed to realloc() is not set to 0.\n\nThis would lead to realloc() getting called with a zero size and when doing so\nrealloc() returns NULL *and* frees the memory - contrary to a normal\nrealloc() failure, where it only returns NULL - causing libcurl to free the\nmemory *again* in the error path.\n\nThis flaw could be triggered by a malicious or just otherwise ill-behaving\nserver.","aliases":["CVE-2016-8619"],"modified":"2026-04-25T20:38:52.534832Z","published":"2016-11-02T08:00:00Z","database_specific":{"severity":"High","CWE":{"id":"CWE-415","desc":"Double Free"},"package":"curl","www":"https://curl.se/docs/CVE-2016-8619.html","URL":"https://curl.se/docs/CVE-2016-8619.json","last_affected":"7.50.3","affects":"both"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.3"},{"fixed":"7.51.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"def69c30879c0246bccb02d79e06b937e39d0ba4"},{"fixed":"3d6460edeee21d7d790ec570d0887bed1f4366dd"}]}],"versions":["7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4","7.10.3","7.10.2","7.10.1","7.10","7.9.8","7.9.7","7.9.6","7.9.5","7.9.4","7.9.3","7.9.2","7.9.1","7.9","7.8.1","7.8","7.7.3","7.7.2","7.7.1","7.7","7.6.1","7.6","7.5.2","7.5.1","7.5","7.4.2","7.4.1","7.4","7.3"],"database_specific":{"vanir_signatures_modified":"2026-04-25T20:38:52Z","vanir_signatures":[{"id":"CURL-CVE-2016-8619-5abfceb1","target":{"file":"lib/security.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["69876899193120025980619404752203106758","105464226463918177475810286712361684742","216287641845833800772199404639865579342","320816391842693179551630593835666983911","29260199323189043931958394750686272400","185170358244307716716958314439515885161","128873655691701504350011027769561314425","231562381625869764202844943972892274129","36467259855339397374507378998927828667","319295444481991076226686737825135782858"]},"source":"https://github.com/curl/curl.git/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd","deprecated":false,"signature_type":"Line"},{"id":"CURL-CVE-2016-8619-64d46b08","target":{"function":"read_data","file":"lib/security.c"},"signature_version":"v1","digest":{"function_hash":"117825840141924449848413241010101018922","length":550},"source":"https://github.com/curl/curl.git/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd","deprecated":false,"signature_type":"Function"}],"source":"https://curl.se/docs/CURL-CVE-2016-8619.json"}}],"schema_version":"1.7.5","credits":[{"name":"Cure53","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}