curl: Unbounded GZIP Decompression Leading to Event-Loop Starvation

When libcurl is configured to decompress HTTP responses via CURLOPTACCEPTENCODING or the --compressed CLI flag, it lacks decompression bounds checking or a mechanism to yield execution during massive expansion tasks. If an attacker provides a highly compressed payload zip bomb, libcurl's underlyi...

Windows Outbound-Filtering Rules

This module makes some kind of TCP traceroute to get outbound-filtering rules. It will try to make a TCP connection to a certain public IP address this IP does not need to be under your control using different TTL incremental values. This way if you get an answer ICMP TTL time exceeded packet fro...

Fedora 18 : curl-7.27.0-10.fc18 (2013-7813)

switch SSL socket into non-blocking mode after handshake 960765 - prevent an artificial timeout event due to stale speed-check data 906031 - show proper host name on failed resolve 957173 fix cookie tailmatching to prevent cross-domain leakage CVE-2013-1944 Note that Tenable Network Security has...