3 matches found
curl: Memory Leak
in getparameter via strdup in toolgetparam.c SIGSEGV Project: cURL File: src/toolgetparam.c Function: getparameter → indirectly via getstr Detected By: AddressSanitizer ASan Command Used: ASANOPTIONS="detectleaks=1:verbosity=2:malloccontextsize=50" ./curl -K Overview A memory leak vulnerability h...
curl: HTTP/2 push headers memory-leak
A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...
SUSE CVE-2017-1000100
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name longer than about 515 bytes, the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...