6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.07 Low
EPSS
Percentile
92.9%
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.
A heap-based buffer overflow flaw was found in the way libcurl unescaped
URLs. A remote attacker could provide a specially-crafted URL that, when
processed by an application using libcurl that handles untrusted URLs,
would possibly cause it to crash or, potentially, execute arbitrary code.
(CVE-2013-2174)
Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges Timo Sirainen as the original reporter.
Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc64 | libcurl-devel | < 7.19.7-37.el6_4 | libcurl-devel-7.19.7-37.el6_4.ppc64.rpm |
RedHat | 6 | i686 | curl | < 7.19.7-37.el6_4 | curl-7.19.7-37.el6_4.i686.rpm |
RedHat | 6 | s390x | curl | < 7.19.7-37.el6_4 | curl-7.19.7-37.el6_4.s390x.rpm |
RedHat | 5 | s390x | curl-devel | < 7.15.5-17.el5_9 | curl-devel-7.15.5-17.el5_9.s390x.rpm |
RedHat | 6 | s390x | libcurl | < 7.19.7-37.el6_4 | libcurl-7.19.7-37.el6_4.s390x.rpm |
RedHat | 6 | i686 | curl-debuginfo | < 7.19.7-37.el6_4 | curl-debuginfo-7.19.7-37.el6_4.i686.rpm |
RedHat | 5 | ia64 | curl-debuginfo | < 7.15.5-17.el5_9 | curl-debuginfo-7.15.5-17.el5_9.ia64.rpm |
RedHat | 5 | s390 | curl | < 7.15.5-17.el5_9 | curl-7.15.5-17.el5_9.s390.rpm |
RedHat | 6 | ppc | curl-debuginfo | < 7.19.7-37.el6_4 | curl-debuginfo-7.19.7-37.el6_4.ppc.rpm |
RedHat | 5 | ia64 | curl | < 7.15.5-17.el5_9 | curl-7.15.5-17.el5_9.ia64.rpm |