Lucene search

[email protected]NVD:CVE-2010-0734

HistoryMar 19, 2010 - 7:30 p.m.

CVE-2010-0734

2010-03-1919:30:00

CWE-264

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.044 Low

EPSS

Percentile

92.4%

JSON

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

Affected configurations

NVD

Node

curllibcurlMatch7.10.5

curllibcurlMatch7.10.6

curllibcurlMatch7.10.7

curllibcurlMatch7.10.8

curllibcurlMatch7.11.0

curllibcurlMatch7.11.1

curllibcurlMatch7.11.2

curllibcurlMatch7.12

curllibcurlMatch7.12.0

curllibcurlMatch7.12.1

curllibcurlMatch7.12.2

curllibcurlMatch7.12.3

curllibcurlMatch7.13

curllibcurlMatch7.13.1

curllibcurlMatch7.13.2

curllibcurlMatch7.14

curllibcurlMatch7.14.1

curllibcurlMatch7.15

curllibcurlMatch7.15.1

curllibcurlMatch7.15.2

curllibcurlMatch7.15.3

curllibcurlMatch7.16.3

curllibcurlMatch7.17.0

curllibcurlMatch7.17.1

curllibcurlMatch7.18.0

curllibcurlMatch7.18.1

curllibcurlMatch7.18.2

curllibcurlMatch7.19.0

curllibcurlMatch7.19.1

curllibcurlMatch7.19.2

curllibcurlMatch7.19.3

curllibcurlMatch7.19.4

curllibcurlMatch7.19.5

curllibcurlMatch7.19.6

curllibcurlMatch7.19.7

References

curl.haxx.se/docs/adv_20100209.html

curl.haxx.se/docs/security.html#20100209

curl.haxx.se/libcurl-contentencoding.patch

lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html

secunia.com/advisories/38843

secunia.com/advisories/38981

secunia.com/advisories/39087

secunia.com/advisories/39734

secunia.com/advisories/40220

secunia.com/advisories/45047

secunia.com/advisories/48256

security.gentoo.org/glsa/glsa-201203-02.xml

support.apple.com/kb/HT4188

support.avaya.com/css/P8/documents/100081819

wiki.rpath.com/Advisories:rPSA-2010-0072

www.debian.org/security/2010/dsa-2023

www.mandriva.com/security/advisories?name=MDVSA-2010:062

www.openwall.com/lists/oss-security/2010/02/09/5

www.openwall.com/lists/oss-security/2010/03/09/1

www.openwall.com/lists/oss-security/2010/03/16/11

www.redhat.com/support/errata/RHSA-2010-0329.html

www.securityfocus.com/archive/1/514490/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.ubuntu.com/usn/USN-1158-1

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2010/0571

www.vupen.com/english/advisories/2010/0602

www.vupen.com/english/advisories/2010/0660

www.vupen.com/english/advisories/2010/0725

www.vupen.com/english/advisories/2010/1481

bugzilla.redhat.com/show_bug.cgi?id=563220

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for NVD:CVE-2010-0734

nessus22 openvas31 centos1 redhat2 securityvulns3 osv1 cve1 veracode1 debian1 freebsd1 ubuntucve1 prion1 debiancve1 oraclelinux2 cvelist1 ubuntu1 gentoo1 vmware2