DEBIAN-CVE-2020-19909

Integer overflow vulnerability in tooloperate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may in theory cause a denial of service to associated systems or networks if, for example,...

curl: escape and unescape integer overflows

Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions...

DEBIAN-CVE-2018-0500

Curlsmtpescapeeob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings i.e., use of a nonstandard --limit-rate argument or CURLOPTBUFFERSIZE...

curl: escape and unescape integer overflows

Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions...

DEBIAN-CVE-2013-2174

Heap-based buffer overflow in the curleasyunescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted string ending in a "%" percent character...

Curl < 7.15.1 Multiple Remote Overflows

Binary data 3318.prm...

FTP Server Response Buffer Overflow

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer...