
6 matches found

IBM Security Bulletins
• added 2018/06/15 7:7 a.m. • 22 views

Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502)

Summary: A problem within the libcurl library means certain file URLs could cause a buffer overwrite within IBM MQ. Vulnerability Details: CVEID: CVE-2017-9502. DESCRIPTION: libcurl is vulnerable to a heap-based buffer overflow, caused by a flaw in the file protocol. By sending a specially-crafted...

CVSS 5.3 | AI score 1.6 | EPSS 0.00552
Exploits: 0 | Affected Software: 1
Tenable Nessus
• added 2017/07/17 12:0 a.m. • 20 views

Fedora 26 : mingw-curl (2017-03fc914348)

Fixes CVE-2017-9502. Windows builds only. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 5.3 | AI score 6.3 | EPSS 0.00552
Exploits: 0 | References: 2
NVD
• added 2017/06/14 1:29 p.m. • 16 views

CVE-2017-9502

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...

CVSS 5.3 | AI score 5.3 | EPSS 0.00552
Exploits: 0 | References: 4
UbuntuCve
• added 2017/06/14 1:29 p.m. • 17 views

CVE-2017-9502

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...

CVSS 5.3 | AI score 6.4 | EPSS 0.00552
Exploits: 0 | References: 3
Cvelist
• added 2017/06/14 1:0 p.m. • 39 views

CVE-2017-9502

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...

AI score 4.8 | EPSS 0.00552
Exploits: 0 | References: 4
CVE
• added 2017/06/14 1:0 p.m. • 61 views

CVE-2017-9502

CVE-2017-9502 affects libcurl's file URL handling on Windows/DOS. The default protocol function could overflow a heap buffer by seven bytes when a file: URL without two slashes starts with a drive letter, leading to potential arbitrary code execution (per IBM MQ advisory). Remediation is to upgra...

CVSS 5.3 | AI score 5.2 | EPSS 0.00552
Exploits: 0 | References: 4 | Affected Software: 1