curl: Infinite loop issue in the state machine of the curl project

Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project .As described in...

curl/curl_fuzzer_http: Index-out-of-bounds in fuzz_send_next_response

Project: https://github.com/curl/curl.git Detailed report: https://oss-fuzz.com/testcase?key=4602769987076096 Project: curl Fuzzer: libFuzzercurlfuzzerhttp Fuzz target binary: curlfuzzerhttp Job Type: libfuzzerubsancurl Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State...

cURL -- Escape and unescape integer overflows

The cURL project reports The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...