6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Wesley Miaw discovered that libcurl, a multi-protocol file transfer
library, is prone to a buffer overflow via the callback function when
an application relies on libcurl to automatically uncompress data. Note
that this only affects applications that trust libcurl’s maximum limit
for a fixed buffer size and do not perform any sanity checks themselves.
For the stable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny4.
Due to a problem with the archive software, we are unable to release all
architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel
and s390 architectures will be provided once they are available.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 7.20.0-1.
We recommend that you upgrade your curl packages.
CPE | Name | Operator | Version |
---|---|---|---|
curl | eq | 7.18.2-8lenny2 | |
curl | eq | 7.18.2-8 | |
curl | eq | 7.18.2-8lenny3 |