
7 matches found

Hacker One
added 2025/10/29 10:51 a.m., 13 views

curl: Logical Flaw in curl_url_set Leads to Inconsistent Query Parameter Encoding

Hello curl security team, First, thank you for your incredible work on maintaining such a critical and robust piece of software. We have been conducting a deep-dive source code audit of libcurl and believe we have identified a subtle logical flaw in the curl_url_set API that has security...

6.8 AI score
Exploits: 0
OSV
added 2021/12/25 12:1 a.m., 11 views

OSV-2021-1758 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42892 Crash type: Heap-buffer-overflow READ Crash state: seturl parseurl curl_url_set...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2021/12/24 12:0 a.m., 8 views

OSV-2021-1747 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42808 Crash type: Heap-buffer-overflow READ 16 Crash state: seturl parseurl curl_url_set...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2021/12/21 12:1 a.m., 13 views

OSV-2021-1730 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42708 Crash type: Heap-buffer-overflow READ Crash state: seturl parseurl curl_url_set...

7.2 AI score
Exploits: 0, References: 1
RedHat Linux
added 2020/10/28 4:2 p.m., 5 views

curl: Integer overflows in curl_url_set() function

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

4.3 CVSS, 7 AI score, 0.04897 EPSS
Exploits: 1, References: 4
ossfuzz
added 2019/10/03 9:16 a.m., 16 views

curl:curl_fuzzer_http: Heap-use-after-free in seturl

Project: https://github.com/curl/curl.git Detailed Report: https://oss-fuzz.com/testcase?key=5168359280214016 Project: curl Fuzzing Engine: libFuzzer Fuzz Target: curl_fuzzer_http Job Type: libfuzzer_asan_curl Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address: 0x60300002cfbb Cra...

6.8 AI score
Exploits: 0, Affected Software: 1
BDU FSTEC
added 2019/06/18 12:0 a.m., 4 views

A vulnerability exists in the curl_url_set() function of the libcurl library, related to integer overflow. This vulnerability allows an attacker to compromise the accessibility of the protected information.

The vulnerability in the curl_url_set function of the libcurl library is related to a potential overflow condition. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...

4.3 CVSS, 6.8 AI score, 0.04897 EPSS
Exploits: 1, References: 3, Affected Software: 1