ALPINE-CVE-2016-8622

ALPINE-CVE-2016-8622 PUBLISHED CVSS 9.800000190734863 CRITICAL

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	curl	0, 7.50.3-r1, 7.50.3-r0
Alpine:v3.5	curl	7.21.7-r0, 7.19.4-r0, 7.19.5-r0
Alpine:v3.15	curl	7.19.4-r0, 7.19.2-r0, 7.50.3-r1
Alpine:v3.7	curl	0, 7.50.3-r1, 7.50.3-r0
Alpine:v3.4	curl	7.37.1-r0, 7.20.1-r0, 7.19.2-r0
Alpine:v3.20	curl	7.48.0-r0, 7.35.0-r0, 7.49.0-r0
Alpine:v3.18	curl	7.22.0-r0, 0, 7.19.2-r0
Alpine:v3.3	curl	7.34.0-r1, 7.36.0-r0, 7.37.0-r0
Alpine:v3.2	curl	0, 7.49.1-r3, 7.49.1-r2
Alpine:v3.22	curl	7.46.0-r0, 7.19.2-r1, 7.19.4-r0
Alpine:v3.10	curl	7.50.3-r1, 7.19.2-r1, 0
Alpine:v3.19	curl	7.50.3-r1, 0, 7.19.2-r0
Alpine:v3.6	curl	0, 7.19.2-r0, 7.19.2-r1
Alpine:v3.23	curl	7.50.3-r1, 7.19.2-r0, 7.19.2-r1
Alpine:v3.17	curl	7.20.1-r0, 0, 7.19.4-r0
Alpine:v3.9	curl	7.50.3-r1, 0, 7.19.4-r0
Alpine:v3.11	curl	0, 7.50.3-r1, 7.50.3-r0
Alpine:v3.16	curl	7.19.2-r0, 7.19.4-r0, 7.19.5-r0
Alpine:v3.8	curl	7.50.3-r1, 7.50.3-r0, 7.50.2-r0
Alpine:v3.14	curl	0, 7.50.3-r1, 7.50.3-r0

…and 2 more

Timeline

Jul 31, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2016-8622 advisory

Open in Interactive Console →