The vulnerability lies in the implementation of “chain” compression mechanisms for the HTTP utility tool cURL, which allows a attacker to trigger a service failure.

The vulnerability of the “chain” compression mechanism implemented in the CURL command-line utility relates to the ability to perform an infinite number of decompression steps of server HTTP responses, which can lead to uncontrolled memory consumption. Exploiting this vulnerability allows a remot...