Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2174
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.093
Percentile
94.7%
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a “%” (percent) character.
Affected configurations
Node
haxxcurlMatch7.7
ORhaxxcurlMatch7.7.1
ORhaxxcurlMatch7.7.2
ORhaxxcurlMatch7.7.3
ORhaxxcurlMatch7.8
ORhaxxcurlMatch7.8.1
ORhaxxcurlMatch7.9
ORhaxxcurlMatch7.9.1
ORhaxxcurlMatch7.9.2
ORhaxxcurlMatch7.9.3
ORhaxxcurlMatch7.9.4
ORhaxxcurlMatch7.9.5
ORhaxxcurlMatch7.9.6
ORhaxxcurlMatch7.9.7
ORhaxxcurlMatch7.9.8
ORhaxxcurlMatch7.10
ORhaxxcurlMatch7.10.1
ORhaxxcurlMatch7.10.2
ORhaxxcurlMatch7.10.3
ORhaxxcurlMatch7.10.4
ORhaxxcurlMatch7.10.5
ORhaxxcurlMatch7.10.6
ORhaxxcurlMatch7.10.7
ORhaxxcurlMatch7.10.8
ORhaxxcurlMatch7.11.0
ORhaxxcurlMatch7.11.1
ORhaxxcurlMatch7.11.2
ORhaxxcurlMatch7.12.0
ORhaxxcurlMatch7.12.1
ORhaxxcurlMatch7.12.2
ORhaxxcurlMatch7.12.3
ORhaxxcurlMatch7.13.0
ORhaxxcurlMatch7.13.1
ORhaxxcurlMatch7.13.2
ORhaxxcurlMatch7.14.0
ORhaxxcurlMatch7.14.1
ORhaxxcurlMatch7.15.0
ORhaxxcurlMatch7.15.1
ORhaxxcurlMatch7.15.2
ORhaxxcurlMatch7.15.3
ORhaxxcurlMatch7.15.4
ORhaxxcurlMatch7.15.5
ORhaxxcurlMatch7.16.0
ORhaxxcurlMatch7.16.1
ORhaxxcurlMatch7.16.2
ORhaxxcurlMatch7.16.3
ORhaxxcurlMatch7.16.4
ORhaxxcurlMatch7.17.0
ORhaxxcurlMatch7.17.1
ORhaxxcurlMatch7.18.0
ORhaxxcurlMatch7.18.1
ORhaxxcurlMatch7.18.2
ORhaxxcurlMatch7.19.0
ORhaxxcurlMatch7.19.1
ORhaxxcurlMatch7.19.2
ORhaxxcurlMatch7.19.3
ORhaxxcurlMatch7.19.4
ORhaxxcurlMatch7.19.5
ORhaxxcurlMatch7.19.6
ORhaxxcurlMatch7.19.7
ORhaxxcurlMatch7.20.0
ORhaxxcurlMatch7.20.1
ORhaxxcurlMatch7.21.0
ORhaxxcurlMatch7.21.1
ORhaxxcurlMatch7.21.2
ORhaxxcurlMatch7.21.3
ORhaxxcurlMatch7.21.4
ORhaxxcurlMatch7.21.5
ORhaxxcurlMatch7.21.6
ORhaxxcurlMatch7.21.7
ORhaxxcurlMatch7.22.0
ORhaxxcurlMatch7.23.0
ORhaxxcurlMatch7.23.1
ORhaxxcurlMatch7.24.0
ORhaxxcurlMatch7.25.0
ORhaxxcurlMatch7.26.0
ORhaxxcurlMatch7.27.0
ORhaxxcurlMatch7.28.0
ORhaxxcurlMatch7.28.1
ORhaxxcurlMatch7.29.0
ORhaxxcurlMatch7.30.0
Node
haxxlibcurlMatch7.7
ORhaxxlibcurlMatch7.7.1
ORhaxxlibcurlMatch7.7.2
ORhaxxlibcurlMatch7.7.3
ORhaxxlibcurlMatch7.8
ORhaxxlibcurlMatch7.8.1
ORhaxxlibcurlMatch7.9
ORhaxxlibcurlMatch7.9.1
ORhaxxlibcurlMatch7.9.2
ORhaxxlibcurlMatch7.9.3
ORhaxxlibcurlMatch7.9.4
ORhaxxlibcurlMatch7.9.5
ORhaxxlibcurlMatch7.9.6
ORhaxxlibcurlMatch7.9.7
ORhaxxlibcurlMatch7.9.8
ORhaxxlibcurlMatch7.10
ORhaxxlibcurlMatch7.10.1
ORhaxxlibcurlMatch7.10.2
ORhaxxlibcurlMatch7.10.3
ORhaxxlibcurlMatch7.10.4
ORhaxxlibcurlMatch7.10.5
ORhaxxlibcurlMatch7.10.6
ORhaxxlibcurlMatch7.10.7
ORhaxxlibcurlMatch7.10.8
ORhaxxlibcurlMatch7.11.0
ORhaxxlibcurlMatch7.11.1
ORhaxxlibcurlMatch7.11.2
ORhaxxlibcurlMatch7.12.0
ORhaxxlibcurlMatch7.12.1
ORhaxxlibcurlMatch7.12.2
ORhaxxlibcurlMatch7.12.3
ORhaxxlibcurlMatch7.13.0
ORhaxxlibcurlMatch7.13.1
ORhaxxlibcurlMatch7.13.2
ORhaxxlibcurlMatch7.14.0
ORhaxxlibcurlMatch7.14.1
ORhaxxlibcurlMatch7.15.0
ORhaxxlibcurlMatch7.15.1
ORhaxxlibcurlMatch7.15.2
ORhaxxlibcurlMatch7.15.3
ORhaxxlibcurlMatch7.15.4
ORhaxxlibcurlMatch7.15.5
ORhaxxlibcurlMatch7.16.0
ORhaxxlibcurlMatch7.16.1
ORhaxxlibcurlMatch7.16.2
ORhaxxlibcurlMatch7.16.3
ORhaxxlibcurlMatch7.16.4
ORhaxxlibcurlMatch7.17.0
ORhaxxlibcurlMatch7.17.1
ORhaxxlibcurlMatch7.18.0
ORhaxxlibcurlMatch7.18.1
ORhaxxlibcurlMatch7.18.2
ORhaxxlibcurlMatch7.19.0
ORhaxxlibcurlMatch7.19.1
ORhaxxlibcurlMatch7.19.2
ORhaxxlibcurlMatch7.19.3
ORhaxxlibcurlMatch7.19.4
ORhaxxlibcurlMatch7.19.5
ORhaxxlibcurlMatch7.19.6
ORhaxxlibcurlMatch7.19.7
ORhaxxlibcurlMatch7.20.0
ORhaxxlibcurlMatch7.20.1
ORhaxxlibcurlMatch7.21.0
ORhaxxlibcurlMatch7.21.1
ORhaxxlibcurlMatch7.21.2
ORhaxxlibcurlMatch7.21.3
ORhaxxlibcurlMatch7.21.4
ORhaxxlibcurlMatch7.21.5
ORhaxxlibcurlMatch7.21.6
ORhaxxlibcurlMatch7.21.7
ORhaxxlibcurlMatch7.22.0
ORhaxxlibcurlMatch7.23.0
ORhaxxlibcurlMatch7.23.1
ORhaxxlibcurlMatch7.24.0
ORhaxxlibcurlMatch7.25.0
ORhaxxlibcurlMatch7.26.0
ORhaxxlibcurlMatch7.27.0
ORhaxxlibcurlMatch7.28.0
ORhaxxlibcurlMatch7.28.1
ORhaxxlibcurlMatch7.29.0
ORhaxxlibcurlMatch7.30.0
Node
canonicalubuntu_linuxMatch10.04-lts
ORcanonicalubuntu_linuxMatch12.04-lts
ORcanonicalubuntu_linuxMatch12.10
ORcanonicalubuntu_linuxMatch13.04
ORopensuseopensuseMatch11.4
ORredhatenterprise_linuxMatch5
ORredhatenterprise_linuxMatch6.0
References
curl.haxx.se/docs/adv_20130622.html
lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
rhn.redhat.com/errata/RHSA-2013-0983.html
www.debian.org/security/2013/dsa-2713
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/60737
www.ubuntu.com/usn/USN-1894-1
github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
Related
altlinux
altlinux
Security fix for the ALT Linux 6 package curl version 7.24.0-alt1.M60P.1
2013-06-24 00:00:00
ubuntu
ubuntu
curl vulnerability
2013-07-02 00:00:00
seebug
seebug
cURL/libcURL 'curl_easy_unescape()'堆内存破坏漏洞
2013-06-26 00:00:00
nessus
nessus
SuSE 10 Security Update : curl (ZYPP Patch Number 8614)
2013-07-11 00:00:00
Fedora 17 : curl-7.24.0-10.fc17 (2013-11568)
2013-07-23 00:00:00
openvas
openvas
CentOS Update for curl CESA-2013:0983 centos6
2013-06-27 00:00:00
CentOS Update for curl CESA-2013:0983 centos5
2013-06-27 00:00:00
Ubuntu Update for curl USN-1894-1
2013-07-05 00:00:00
cve
cve
CVE-2013-2174
2013-07-31 13:20:25
prion
prion
Heap overflow
2013-07-31 13:20:00
securityvulns
securityvulns
libcurl uninitialized memory reference
2013-07-01 00:00:00
[ MDVSA-2013:180 ] curl
2013-07-01 00:00:00
cvelist
cvelist
CVE-2013-2174
2013-07-31 10:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:55:13
Denial Of Service (DoS)
2018-07-25 05:49:29
oraclelinux
oraclelinux
curl security update
2013-06-25 00:00:00
debian
debian
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
centos
centos
curl, libcurl security update
2013-06-26 02:20:36
fedora
fedora
[SECURITY] Fedora 19 Update: curl-7.29.0-7.fc19
2013-06-29 18:44:03
[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19
2014-02-15 20:02:19
[SECURITY] Fedora 19 Update: haproxy-1.4.24-1.fc19
2013-06-29 18:15:34
mageia
mageia
Updated curl packages fix CVE-2013-2174
2013-06-26 22:44:41
debiancve
debiancve
CVE-2013-2174
2013-07-31 13:20:25
slackware
slackware
[slackware-security] curl
2013-06-23 22:07:06
freebsd
freebsd
cURL library -- heap corruption in curl_easy_unescape
2013-06-22 00:00:00
redhat
redhat
(RHSA-2013:0983) Moderate: curl security update
2013-06-25 00:00:00
(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update
2013-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2013-2174
2013-06-24 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139)
2019-01-31 01:35:01
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.093
Percentile
94.7%
Related for NVD:CVE-2013-2174