9 matches found
EUVD-2017-1405
Malware in sbrugna...
Out Of Bounds (OOB) Read Through URL Globbing
libcurl.so is vulnerable to out of bounds OOB read through URL globbing. The vulnerability exists as a given URL can cause libcurl.so to read a byte beyond the end of the URL...
CVE-2017-1000101
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...
MGASA-2017-0281 Updated curl packages fix security vulnerabilities
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...
Updated curl packages fix security vulnerabilities
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...
SUSE-SU-2017:2174-1 Security update for curl
This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service bsc1051644 - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service bsc1051643...
CURL-CVE-2017-1000101 URL globbing out of bounds read
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...
cURL -- multiple vulnerabilities
The cURL project reports: FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read...
Internet Bug Bounty: CVE-2017-1000101: cURL: URL globbing out of bounds read
FYI, this security advisory will not be released until 9 August 2017: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an...