Libcurl@7.54.1 Security Vulnerabilities and Issues — Libcurl@7.54.1 CVE List

Lucene search

HaxxLibcurl7.54.1

3 matches found

CVE•added 2017/10/06 1:29 p.m.•184 views

CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double ...

7.5CVSS7.6AI score0.01688EPSS

CVE•added 2017/10/05 1:29 a.m.•179 views

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

6.5CVSS6.8AI score0.00455EPSS

CVE•added 2017/10/05 1:29 a.m.•105 views

CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to...

6.5CVSS6.6AI score0.00627EPSS