{"id":"CURL-CVE-2016-8623","summary":"Use after free via shared cookies","details":"libcurl explicitly allows users to share cookies between multiple easy handles\nthat are concurrently employed by different threads.\n\nWhen cookies to be sent to a server are collected, the matching function\ncollects all cookies to send and the cookie lock is released immediately\nafterwards. That function however only returns a list with *references* back\nto the original strings for name, value, path and so on. Therefore, if another\nthread quickly takes the lock and frees one of the original cookie structs\ntogether with its strings, a use after free can occur and lead to information\ndisclosure. Another thread can also replace the contents of the cookies from\nseparate HTTP responses or API calls.","aliases":["CVE-2016-8623"],"modified":"2026-04-25T20:38:52.996881Z","published":"2016-11-02T08:00:00Z","database_specific":{"CWE":{"id":"CWE-416","desc":"Use After Free"},"package":"curl","affects":"lib","URL":"https://curl.se/docs/CVE-2016-8623.json","last_affected":"7.50.3","severity":"High","www":"https://curl.se/docs/CVE-2016-8623.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.10.7"},{"fixed":"7.51.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"41ae97e710f728495a1d6adba6476c21b94c4881"},{"fixed":"c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5"}]}],"versions":["7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CURL-CVE-2016-8623-19d4743c","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Function","target":{"function":"Curl_cookie_cleanup","file":"lib/cookie.c"},"signature_version":"v1","digest":{"function_hash":"177480805511348010839002178038820145454","length":146}},{"deprecated":false,"id":"CURL-CVE-2016-8623-1c8e2d94","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Line","target":{"file":"lib/cookie.h"},"signature_version":"v1","digest":{"line_hashes":["94576883660926785402051766470788784684","98133636392656808293540217109383809803","330054786837398613498893107474960270385","262530475838869603294873074465789716260","89670776507343356930977542012472611327"],"threshold":0.9}},{"deprecated":false,"id":"CURL-CVE-2016-8623-24888e71","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Line","target":{"file":"lib/cookie.c"},"signature_version":"v1","digest":{"line_hashes":["291512818806243377981805011340984740126","236687239981651546406322995772152553770","184049739219249913186505779661534077664","211180055067366803349033212157372845799","214586419585997379247673802127943215469","50207798356989955690271320627780045145","80938580632071485166654494958305481923","52752092919805114673865672273245131231","122777988952992856668137288867562268705","226898548424316682739604414752235209286","126652733816890146006960286123266755091","11470038790654704786765097754853869292","226790024936707861514235741540253525582","256203084583505545606542519700626900855","109538588884300928955626580692100771102","272850778902348204472381760421781013646","67285741456772442012070940876174401461","256548499216434642778890602657819621346","254742258870146659112422410654451857439","126952067871521750569535128267995567854","299976291246814156328283957064168417560","30220257090525348498130906478060388860","250801280524809389991684401126763725914","23600832991221329304539707835936344313","291686685489691939957439766095374874421","218659387833439788688625700084881833414","284880309552635427134038785907482123026","308121340973356247315433409297856162146","44927363077320982091076132764276187309","119455102042000691034528956951243107492","56705371398227486309514116777277421301","209148117100728707679289541687407718480","152666299844515263114341057436582775178","165856248968001144679351152860546308804","57116032738490580659698453969833851791","7706779600508907297078288913904138610","279166351216707584751840044136145466638"],"threshold":0.9}},{"deprecated":false,"id":"CURL-CVE-2016-8623-7df983fd","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Function","target":{"function":"Curl_cookie_getlist","file":"lib/cookie.c"},"signature_version":"v1","digest":{"function_hash":"177155206249589770279717678324494247704","length":1348}},{"deprecated":false,"id":"CURL-CVE-2016-8623-8041ab96","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Function","target":{"function":"Curl_http","file":"lib/http.c"},"signature_version":"v1","digest":{"function_hash":"288748130743108654551779948688252879730","length":19324}},{"deprecated":false,"id":"CURL-CVE-2016-8623-8c2156ca","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Function","target":{"function":"Curl_cookie_freelist","file":"lib/cookie.c"},"signature_version":"v1","digest":{"function_hash":"293624403663990740895739774145376037590","length":179}},{"deprecated":false,"id":"CURL-CVE-2016-8623-ad9e4ccd","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Line","target":{"file":"lib/http.c"},"signature_version":"v1","digest":{"line_hashes":["195744683021307321373091673240830809353","195561597212400334746633028083228516782","315954831076496102806852733282833424193","64625772878659104678128282527315165567"],"threshold":0.9}},{"deprecated":false,"id":"CURL-CVE-2016-8623-f05ab2ed","source":"https://github.com/curl/curl.git/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5","signature_type":"Function","target":{"function":"Curl_cookie_clearall","file":"lib/cookie.c"},"signature_version":"v1","digest":{"function_hash":"149462472186955670041145034488237604387","length":140}}],"source":"https://curl.se/docs/CURL-CVE-2016-8623.json","vanir_signatures_modified":"2026-04-25T20:38:52Z"}}],"schema_version":"1.7.5","credits":[{"name":"Cure53","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}