Lucene search

K
mageiaGentoo FoundationMGASA-2013-0188
HistoryJun 26, 2013 - 10:44 p.m.

Updated curl packages fix CVE-2013-2174

2013-06-2622:44:41
Gentoo Foundation
advisories.mageia.org
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.093

Percentile

94.7%

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller (CVE-2013-2174)

OSVersionArchitecturePackageVersionFilename
Mageia2noarchcurl< 7.24.0-1.2curl-7.24.0-1.2.mga2
Mageia3noarchcurl< 7.28.1-6.1curl-7.28.1-6.1.mga3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.093

Percentile

94.7%