7 matches found
SUSE CVE-2013-2174
Heap-based buffer overflow in the curleasyunescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted string ending in a "%" percent character...
SUSE CVE-2016-7134
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service allocation error and heap-based buffer overflow or possibly have unspecified other impact via a long string that is mishandled in a curlescape...
USN-3095-1 php5, php7.0 vulnerabilities
Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7124 Taoguang Chen discovered that PHP incorrectly...
curl escape and unescape integer overflows
The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The functions having names without "easy" being the deprecated versions of the others...
UBUNTU-CVE-2016-7134
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service allocation error and heap-based buffer overflow or possibly have unspecified other impact via a long string that is mishandled in a curlescape...
Internet Bug Bounty: integer overflow in curl_escape caused heap corruption
Please check: https://bugs.php.net/bug.php?id=72807...
DEBIAN-CVE-2013-2174
Heap-based buffer overflow in the curleasyunescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted string ending in a "%" percent character...