CVE-2016-8624
Description
curl before 7.51.0 incorrectly parses URLs with '#' in the hostname, allowing attackers to redirect connections to a different host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
curl versions prior to 7.51.0 fail to correctly parse the authority component of a URL when the host name part ends with a '#' character. For example, the URL http://example.com#@evil.com/x.txt would cause curl to connect to evil.com instead of example.com, while a browser would connect to example.com [4]. This issue affects most protocol schemes and can be exploited remotely without authentication.
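To make the parse difference concrete, here is an added Python example (not curl's code and not from this CVE record): a conforming RFC 3986 parse via urllib beside a constructed model of the pre-7.51.0 behaviour the advisory describes, plus a check that flags URLs on which the two disagree so they can be rejected before being handed to an unpatched curl. The legacy model and the sample URLs are assumptions for illustration.

```python
from urllib.parse import urlsplit

ADVISORY_URL = "http://example.com#@evil.com/x.txt"  # the URL quoted in the curl advisory


def rfc3986_host(url: str) -> str:
    """Host as a conforming parser sees it: '#' terminates the authority
    before any '@' is considered, so the fragment can never supply a host."""
    return (urlsplit(url).hostname or "").lower()


def legacy_host(url: str) -> str:
    """Constructed model of the pre-7.51.0 behaviour described in the advisory
    (an assumption for illustration, not curl's actual parser): the userinfo
    separator '@' is searched for before '#' is honoured as a delimiter."""
    rest = url.split("://", 1)[1] if "://" in url else url
    prefix = rest.split("/", 1)[0]          # 'example.com#@evil.com' for ADVISORY_URL
    if "@" in prefix:
        prefix = prefix.rsplit("@", 1)[1]   # everything before '@' is taken as userinfo
    # '#' is only cut here, after the real host has already been discarded
    return prefix.split("#", 1)[0].split(":", 1)[0].lower()


def host_is_ambiguous(url: str) -> bool:
    """True when a conforming parser and the legacy model disagree on the host."""
    return rfc3986_host(url) != legacy_host(url)


def filter_urls(urls):
    """Return (accepted, rejected) so a caller can refuse ambiguous URLs before
    passing them to a curl older than 7.51.0, or log them for review."""
    accepted, rejected = [], []
    for u in urls:
        (rejected if host_is_ambiguous(u) else accepted).append(u)
    return accepted, rejected


# Constructed sample inputs: a benign URL with userinfo, one with a plain
# fragment, and the advisory's host-redirecting form.
SAMPLE_URLS = [
    "http://user:pw@example.com/data",
    "https://example.com/page#section",
    ADVISORY_URL,
]

if __name__ == "__main__":
    ok, bad = filter_urls(SAMPLE_URLS)
    for u in bad:
        print(f"reject {u}: conforming host={rfc3986_host(u)} legacy host={legacy_host(u)}")
```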
Exploitation
An attacker can craft a malicious URL that appears to target a legitimate domain but actually directs curl to a different host. The attacker only needs to trick the victim into using curl with the crafted URL, e.g., via a redirect or by embedding the URL in a page or script. No special network position or authentication is required.
Impact
Successful exploitation allows an attacker to cause curl to connect to an unintended host, potentially bypassing security checks that rely on domain whitelisting. This could lead to information disclosure, data corruption, or further attacks depending on how curl is used in the application [2][3].
Mitigation
The vulnerability is fixed in curl version 7.51.0 [4]. Red Hat has released updates via RHSA-2018:3558 and RHSA-2018:2486 for affected products [1][2]. Tenable addressed the issue in LCE 4.8.2 [3]. Users should upgrade curl to 7.51.0 or later, or apply the relevant vendor patches.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
OSV coordinates (10 versions):
- pkg:rpm/opensuse/curl (openSUSE Tumbleweed): < 7.51.0-1.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Desktop 12 SP1): < 7.37.0-31.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Server 11 SP4): < 7.19.7-1.64.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Server 12 SP1): < 7.37.0-31.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Server for SAP Applications 11 SP4): < 7.19.7-1.64.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Server for SAP Applications 12 SP1): < 7.37.0-31.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Software Development Kit 11 SP4): < 7.19.7-1.64.1
- pkg:rpm/suse/curl (SUSE Linux Enterprise Software Development Kit 12 SP1): < 7.37.0-31.1
- pkg:rpm/suse/curl (SUSE Studio Onsite 1.3): < 7.19.7-1.20.47.2
- pkg:rpm/suse/curl-openssl1 (SUSE Linux Enterprise Server 11-SECURITY): < 7.19.7-1.64.1
- The Curl Project / curl: range 7.51.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/errata/RHSA-2018:2486 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2018:3558 (Red Hat vendor advisory)
- security.gentoo.org/glsa/201701-47 (Gentoo vendor advisory)
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Oracle advisory)
- www.securityfocus.com/bid/94103 (BID vulnerability database entry)
- www.securitytracker.com/id/1037192 (SecurityTracker vulnerability database entry)
- bugzilla.redhat.com/show_bug.cgi (Red Hat Bugzilla)
- curl.haxx.se/docs/adv_20161102J.html (curl project advisory)
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E (issues.bookkeeper.apache.org mailing list)
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E (issues.bookkeeper.apache.org mailing list)
- lists.apache.org/thread.html/rfaa4d578587f52a9c4d176af516a681a712c664e3be440a4163691d5%40%3Ccommits.pulsar.apache.org%3E (commits.pulsar.apache.org mailing list)
- www.tenable.com/security/tns-2016-21 (Tenable advisory)
News mentions
No linked articles in our index yet.