INFO
----

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2016-XXXX to this issue.

AFFECTED VERSIONS
-----------------

This flaw exists in the following curl versions.

- Affected versions: curl 7.7 to and including 7.50.3
- Not affected versions: curl < 7.7 and curl >= 7.51.0

libcurl is used by many applications, but not always advertised as such!

THE SOLUTION
------------

In version 7.51.0, these functions will deny negative string lengths from being used.

A [patch for CVE-2016-XXXX](https://curl.haxx.se/s3c/B.patch) is available.

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade curl and libcurl to version 7.51.0

B - Apply the patch to your version and rebuild
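
One way to check a host against the affected range listed under AFFECTED VERSIONS, as an added example that is not part of the original advisory. The function names are hypothetical and the banner line is constructed sample input; the check reads the `libcurl/` token because that is the library in use, which can differ from the curl tool's own version.

```shell
#!/bin/sh
# Added example: classify a libcurl version against this advisory's range
# (affected: 7.7 through 7.50.3 inclusive; fixed in 7.51.0).

# Pack "MAJOR.MINOR[.PATCH][-suffix]" into one integer so that 7.10 sorts
# after 7.7 (a plain string comparison gets this wrong). Missing patch = 0.
ver_to_int() {
    v=${1%%-*}                          # drop suffixes such as "-DEV"
    case $v in
        ''|*[!0-9.]*) return 1 ;;       # reject anything but digits and dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Extract the libcurl version from the first line of `curl --version`.
libcurl_from_banner() {
    case $1 in
        *libcurl/*) rest=${1#*libcurl/}; echo "${rest%% *}" ;;
        *) return 1 ;;
    esac
}

# Print "affected", "not-affected" or "unknown" for a version string.
advisory_status() {
    n=$(ver_to_int "$1") || { echo unknown; return 0; }
    lo=$(ver_to_int 7.7)
    hi=$(ver_to_int 7.50.3)
    if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed banner: a newer curl tool linked against an older libcurl.
banner='curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8'
lib=$(libcurl_from_banner "$banner") && echo "libcurl $lib: $(advisory_status "$lib")"
```

A build that took option B (patch and rebuild) still reports its original version number, so an "affected" result for such a build needs to be confirmed against how the package was built.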