cURL and libcurl Denial of Service Vulnerabilities (CNVD-2015-02753)

CURL is a set of file transfer tools that utilize URL syntax to work at the command line.Libcurl is a free, open source client-side URL transfer library. A security vulnerability exists in the 'sanitizecookiepath' function in Haxx cURL and libcurl versions 7.31.0 through 7.41.0, which stems from...

DEBIAN-CVE-2015-3145

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

cookie parser out of boundary memory access

libcurl supports HTTP "cookies" as documented in RFC 6265. Together with each individual cookie there are several different properties, but for this vulnerability we focus on the associated "path" element. It tells information about for which path on a given host the cookie is valid. The internal...