Vulnerability
curl/libcurl: double free in curl_maprintf
The libcurl API function `curl_maprintf()` can be tricked into a double free because of an unsafe `size_t` multiplication on systems where `size_t` is 32 bits wide. The function is also used internally in numerous situations. It doubles an allocated memory area with `realloc()` and allows the size to wrap and become zero. When that happens, `realloc()` returns NULL *and* frees the memory, unlike an ordinary `realloc()` failure, which only returns NULL, so libcurl frees the memory *again* in its error path. Systems with a 64-bit `size_t` are not affected by this issue. The behavior can be triggered through the publicly exposed function.
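The size-doubling pattern described above and a hardened form of it, as an added example that is neither curl's code nor its patch. `dynbuf`, `next_size_unchecked`, `next_size_checked`, `dynbuf_addbyte` and `dynbuf_free` are hypothetical names, and `uint32_t` stands in for a 32-bit `size_t` so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable buffer; u32 models a 32-bit size_t. */
typedef uint32_t u32;
struct dynbuf { char *buf; u32 len; u32 alloc; };

/* Unsafe pattern: doubling in 32-bit arithmetic wraps to 0 at 2 GiB. */
u32 next_size_unchecked(u32 alloc) { return (u32)(alloc * 2u); }

/* Hardened: refuse to double when the product is not representable. */
int next_size_checked(u32 alloc, u32 *out)
{
  if(alloc == 0 || alloc > UINT32_MAX / 2)
    return -1;
  *out = alloc * 2u;
  return 0;
}

/* Append one byte. On any failure the old block stays valid and owned
   by the struct, so the only free() is the one in dynbuf_free(). */
int dynbuf_addbyte(struct dynbuf *d, char c)
{
  if(!d->buf) {
    d->buf = malloc(32);
    if(!d->buf) return -1;
    d->alloc = 32;
    d->len = 0;
  }
  else if(d->len == d->alloc) {
    u32 newsize;
    char *p;
    if(next_size_checked(d->alloc, &newsize))
      return -1;                 /* size 0 never reaches realloc() */
    p = realloc(d->buf, newsize);
    if(!p) return -1;            /* keep d->buf; do not free it here */
    d->buf = p;
    d->alloc = newsize;
  }
  d->buf[d->len++] = c;
  return 0;
}

void dynbuf_free(struct dynbuf *d)
{
  free(d->buf);
  d->buf = NULL;                 /* a repeated call becomes free(NULL) */
  d->len = d->alloc = 0;
}
```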
No CVSS base score from NVD or GHSA yet.
Mid-pack — moderate exploitation likelihood.
No VEX statements published for CVE-2016-8618. Vendors publish VEX (Vulnerability Exploitability eXchange) to assert per-product whether a CVE is actually exploitable in their distribution.
No exploitation, limited impact or prevalence