Lucene search
+L

25 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15025

Malware in sbrugna...

4.3CVSS4.6AI score0.04897EPSS
Exploits1References16
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-47867

Malicious code in bioql PyPI...

4.3CVSS6.2AI score0.00786EPSS
Exploits1References4
veracode
veracode
added 2024/07/30 9:26 a.m.24 views

Out-of-Bounds Read

libcurl.so is vulnerable to an Out-of-Bounds Read. The vulnerability is due to a flaw in the URL API function curlurlget when using the macidn IDN backend. It arises from the function filling the provided buffer exactly without null-terminating the string. Attackers can exploit this to read stack...

4.3CVSS6.5AI score0.00786EPSS
Exploits1References6Affected Software2
redhatcve
redhatcve
added 2024/07/25 6:41 a.m.28 views

CVE-2024-6874

A buffer overread vulnerability was found in Curl's URL API function curlurlget. This issue allows a remote attacker to obtain sensitive information due to a punycode buffer overread flaw. By sending a specially crafted request, an attacker can gain sensitive information and potentially launch...

5.3CVSS6.4AI score0.00786EPSS
Exploits1References6
nvd
nvd
added 2024/07/24 8:15 a.m.43 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS0.00786EPSS
Exploits1References5
osv
osv
added 2024/07/24 8:15 a.m.7 views

AZL-47020 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7.3AI score0.00786EPSS
Exploits1References1
osv
osv
added 2024/07/24 8:0 a.m.26 views

CURL-CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.9AI score0.00786EPSS
Exploits1
cvelist
cvelist
added 2024/07/24 7:36 a.m.40 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

0.00786EPSS
Exploits1References4
debiancve
debiancve
added 2024/07/24 7:36 a.m.35 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7AI score0.00786EPSS
Exploits1
vulnrichment
vulnrichment
added 2024/07/24 7:36 a.m.26 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

6.5AI score0.00786EPSS
Exploits1References4
cve
cve
added 2024/07/24 7:36 a.m.181 views

CVE-2024-6874

CVE-2024-6874 affects libcurl’s URL API function curl_url_get() when built with the macidn IDN backend. If the input name is exactly 256 bytes, the function may read past a stack-based buffer, and when the conversion fills the provided buffer, it does not null-terminate the string, potentially ca...

4.3CVSS6.6AI score0.00786EPSS
Exploits1References5Affected Software1
osv
osv
added 2024/07/24 7:36 a.m.28 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

3.1CVSS6.8AI score0.00786EPSS
Exploits1References7
hackerone
hackerone
added 2024/07/24 7:19 a.m.15 views

Internet Bug Bounty: curl: stack-buffer overread during punycode conversions

The vulnerability in libcurl's URL API function curlurlget was discovered, where it performed punycode conversions. When converting a 256-byte domain name, the function read outside of a stack-based buffer, potentially leaking adjacent stack memory as part of the converted string. The flaw was...

4.3CVSS4.4AI score0.00786EPSS
Exploits1
ubuntucve
ubuntucve
added 2024/07/24 12:0 a.m.31 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.9AI score0.00786EPSS
Exploits1References2
f5
f5
added 2023/02/21 6:33 p.m.46 views

K08125515: cURL vulnerability CVE-2019-5435

Security Advisory Description An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...

4.3CVSS5.2AI score0.04897EPSS
Exploits1
hackerone
hackerone
added 2021/10/06 3:23 p.m.67 views

Fastify: 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch

Summary: When fastify-static is mounted at root and registered the option redirect: true default of redirect option is false, the following line directly feed user's input which is req.raw.url to URL API without try/catch: https://github.com/fastify/fastify-static/blob/master/index.jsL439. A remo...

6.8CVSS8.3AI score0.00988EPSS
Exploits1
nvd
nvd
added 2019/05/28 7:29 p.m.20 views

CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

4.3CVSS6.5AI score0.04897EPSS
Exploits1References8
osv
osv
added 2019/05/28 7:29 p.m.23 views

CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

3.7CVSS7.1AI score0.04897EPSS
Exploits1References8
osv
osv
added 2019/05/28 7:29 p.m.1 views

DEBIAN-CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

3.7CVSS5.2AI score0.04897EPSS
Exploits1References1
prion
prion
added 2019/05/28 7:29 p.m.25 views

Integer overflow

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

4.3CVSS5.9AI score0.04897EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder