A remote attacker could entice a user or automated process to connect to a malicious server using cURL, possibly resulting in the remote execution of arbitrary code or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.34.0-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/curl< 7.34.0-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/curl	< 7.34.0-r1	UNKNOWN

nessus 55

openvas 62

fedora 15

freebsd 2

securityvulns 10

prion 4

packetstorm 1

ubuntucve 4

debian 5

ubuntu 4

checkpoint_advisories 1

exploitpack 1

slackware 2

zdt 1

seebug 3

cve 4

debiancve 4

altlinux 1

mageia 1

centos 2

veracode 3

oraclelinux 2

f5 2

osv 1

redhat 2

amazon 1

exploitdb 1

ibm 4

kaspersky 1

nessus

GLSA-201401-14 : cURL: Multiple vulnerabilities

2014-01-21 00:00:00

OracleVM 3.2 : curl (OVMSA-2016-0056)

2016-06-22 00:00:00

SuSE 10 Security Update : libcurl4 (ZYPP Patch Number 8618) (BEAST)

2013-07-10 00:00:00

openvas

Gentoo Security Advisory GLSA 201401-14

2015-09-29 00:00:00

Fedora Update for curl FEDORA-2013-11574

2013-07-16 00:00:00

Fedora Update for curl FEDORA-2013-11574

2013-07-16 00:00:00

fedora

[SECURITY] Fedora 18 Update: curl-7.27.0-11.fc18

2013-07-12 03:15:08

[SECURITY] Fedora 18 Update: curl-7.27.0-8.fc18

2013-04-18 02:34:31

[SECURITY] Fedora 18 Update: curl-7.27.0-9.fc18

2013-05-06 03:49:09

freebsd

cURL library -- cert name check ignore with GnuTLS

2013-12-17 00:00:00

cURL library -- heap corruption in curl_easy_unescape

2013-06-22 00:00:00

securityvulns

cURL buffer overflow

2013-02-11 00:00:00

[slackware-security] curl (SSA:2013-038-01)

2013-02-11 00:00:00

[USN-2058-1] curl vulnerability

2013-12-23 00:00:00

prion

Stack overflow

2013-03-08 22:55:00

Design/Logic Flaw

2013-12-23 22:55:00

Heap overflow

2013-07-31 13:20:00

packetstorm

cURL Buffer Overflow

2013-02-08 00:00:00

ubuntucve

CVE-2013-0249

2013-02-08 00:00:00

CVE-2013-1944

2013-04-12 00:00:00

CVE-2013-2174

2013-06-24 00:00:00

debian

[SECURITY] [DSA 2824-1] curl security update

2013-12-19 18:51:05

[SECURITY] [DSA 2824-1] curl security update

2013-12-19 18:51:05

[SECURITY] [DSA 2713-1] curl security update

2013-06-24 21:18:14

ubuntu

curl vulnerability

2013-12-18 00:00:00

curl vulnerability

2013-02-12 00:00:00

curl vulnerability

2013-07-02 00:00:00

checkpoint_advisories

cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)

2013-02-27 00:00:00

exploitpack

cURL - Buffer Overflow (PoC)

2013-02-11 00:00:00

slackware

curl

2013-02-07 21:17:38

[slackware-security] curl

2013-06-23 22:07:06

zdt

cURL Buffer Overflow Vulnerability

2013-02-08 00:00:00

seebug

cURL Buffer Overflow Vulnerability

2014-07-01 00:00:00

cURL/libcURL 'curl_easy_unescape()'堆内存破坏漏洞

2013-06-26 00:00:00

curl / libcURL "tailmatch()" Cookie信息泄露漏洞

2013-04-17 00:00:00

cve

CVE-2013-0249

2013-03-08 22:55:00

CVE-2013-6422

2013-12-23 22:55:00

CVE-2013-2174

2013-07-31 13:20:00

debiancve

CVE-2013-0249

2013-03-08 22:55:00

CVE-2013-6422

2013-12-23 22:55:00

CVE-2013-1944

2013-04-29 22:55:00

altlinux

Security fix for the ALT Linux 6 package curl version 7.24.0-alt1.M60P.1

2013-06-24 00:00:00

mageia

Updated curl packages fix CVE-2013-2174

2013-06-26 22:44:41

centos

curl, libcurl security update

2013-06-26 02:20:36

curl, libcurl security update

2013-04-24 20:52:14

veracode

Denial Of Service (DoS)

2019-01-15 08:55:13

Information Disclosure

2019-01-15 08:52:26

Denial Of Service (DoS)

2018-07-25 05:49:29

oraclelinux

curl security update

2013-06-25 00:00:00

curl security update

2013-04-24 00:00:00

SOL15875 - cURL vulnerability CVE-2013-1944

2014-11-27 00:00:00

K15875 : cURL vulnerability CVE-2013-1944

2014-11-27 00:00:00

osv

curl - cookie leak vulnerability

2013-04-20 00:00:00

redhat

(RHSA-2013:0771) Moderate: curl security update

2013-04-24 00:00:00

(RHSA-2013:0983) Moderate: curl security update

2013-06-25 00:00:00

amazon

Medium: curl

2013-07-12 15:32:00

exploitdb

cURL - Buffer Overflow (PoC)

2013-02-11 00:00:00

ibm

Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-138, CVE-2014-0139)

2019-01-31 01:35:01

Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139)

2019-01-31 01:35:01

Security Bulletin: Vulnerabilities in curl affect IBM Flex System Manager (FSM): (CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-013)

2019-01-31 01:30:01

kaspersky

KLA10458 Multiple vulnerabilities in HP SMH

2014-01-10 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.923 High

EPSS

Percentile

98.9%

JSON

Related for GLSA-201401-14