Lucene search
K

2976 matches found

NVD
NVD
added 2010/03/19 7:30 p.m.17 views

CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

6.8CVSS7.7AI score0.04408EPSS
Exploits0References35
OSV
OSV
added 2010/03/19 7:30 p.m.9 views

CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

6.8CVSS6.6AI score0.04408EPSS
Exploits0References35
CVE
CVE
added 2010/03/19 7:0 p.m.97 views

CVE-2010-0734

CVE-2010-0734 affects libcurl 7.10.5–7.19.7 when zlib is enabled. The defect in content_encoding.c allows a remote attacker to send crafted compressed data that bypasses the data-length limit, potentially causing an application crash (DoS) or other impact. Affected releases and the fix are docume...

6.8CVSS7.4AI score0.04408EPSS
Exploits0References35Affected Software1
Cvelist
Cvelist
added 2010/03/19 7:0 p.m.28 views

CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

7.5AI score0.04408EPSS
Exploits0References35
Debian CVE
Debian CVE
added 2010/03/19 7:0 p.m.32 views

CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

6.8CVSS7.8AI score0.04408EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2010/03/19 12:0 a.m.25 views

CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

6.8CVSS7.1AI score0.04408EPSS
Exploits0References3
seebug.org
seebug.org
added 2010/03/10 12:0 a.m.17 views

cURL/libcURL CURLOPT_ENCODING选项缓冲区溢出漏洞

BUGTRAQ ID: 38162 cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 在下载数据时,libcurl库使用客户端软件所注册的回调函数将数据传送给应用程序,在完成传输之前会反复的调用该函数。回调函数可接收的最大数据大小为16K(CURLMAXWRITESIZE)。 在HTTP上使用libcurl库下载压缩的内容时应用程序可以要求libcurl自动解压数据。而解压期间libcurl可能错误的向回调函数发送最多可为64K的数据,因此盲目信任libcurl的最大缓冲区限制的应用可能会出现缓冲区溢出。...

6.9AI score
Exploits0
OSV
OSV
added 2010/02/09 8:0 a.m.11 views

CURL-CVE-2010-0734 data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

6.8CVSS6.5AI score0.04408EPSS
Exploits0
curl security advisories
curl security advisories
added 2010/02/09 8:0 a.m.6 views

data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

6.8CVSS7.5AI score0.04408EPSS
Exploits0Affected Software2
FreeBSD
FreeBSD
added 2010/02/09 12:0 a.m.37 views

curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...

6.8CVSS7.9AI score0.04408EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.37 views

Mandriva Security Advisory MDVSA-2009:203-1 (curl)

The remote host is missing an update to curl announced via advisory MDVSA-2009:203-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

7.5CVSS6.8AI score0.05741EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2009/08/27 12:0 a.m.24 views

openSUSE Security Update : curl (curl-1232)

curl did not detect embedded null characters in certificate names. By using specially crafted certificates attackers could exploit that to conduct man in the middle attacks CVE-2009-2417. Note the previous update that was supposed to fix the issue accidentally lacked the actual fix which was...

7.5CVSS5.6AI score0.03602EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/08/20 12:0 a.m.26 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : curl vulnerability (USN-818-1)

Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has...

7.5CVSS5.7AI score0.03602EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/08/18 12:0 a.m.44 views

RHEL 3 / 4 / 5 : curl (RHSA-2009:1209)

Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using...

7.5CVSS5.5AI score0.03602EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.19 views

RedHat Security Advisory RHSA-2009:1209

The remote host is missing updates announced in advisory RHSA-2009:1209. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported...

7.5CVSS0.4AI score0.03602EPSS
Exploits0References2
securityvulns
securityvulns
added 2009/08/17 12:0 a.m.98 views

cURL / libcurl SSL certificate spoofing

Certificate name spoofing via NULL byte...

7.5CVSS2.4AI score0.05741EPSS
Exploits4References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2009/08/17 12:0 a.m.22 views

CentOS 3 / 5 : curl (CESA-2009:1209)

Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using...

7.5CVSS5.5AI score0.03602EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.21 views

RedHat Security Advisory RHSA-2009:1209

The remote host is missing updates announced in advisory RHSA-2009:1209. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported...

7.5CVSS6.4AI score0.03602EPSS
Exploits0References2
NVD
NVD
added 2009/08/14 3:16 p.m.25 views

CVE-2009-2417

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

7.5CVSS6.1AI score0.03602EPSS
Exploits0References28
OSV
OSV
added 2009/08/14 3:16 p.m.8 views

CVE-2009-2417

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

7.5CVSS5.5AI score0.03602EPSS
Exploits0References29
Rows per page
Query Builder