CVE-2016-9594
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 23 Apr 2018, 19:00
Last modified:15 Apr 2026, 21:03
Vulnerability Summary
Overall Risk (default)
medium
33/100 CVSS Score
8.1 HIGH
v3.0 (nvd)
EPSS Score
0.69% LOW
1% probability -0.39%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Apr 2018, 19:00
Published
Vulnerability first disclosed
15 Apr 2026, 21:03
Last Modified
Vulnerability information updated
Description
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.69%• Percentile: 72%
Techniques & Countermeasures
- CWE-665•Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Affected Systems
- haxx•curl
< 7.52.1
- unspecified•curl
curl 7.52.1