Lucene search
RootSSV:60852HistoryJun 26, 2013 - 12:00 a.m.
cURL/libcURL 'curl_easy_unescape()'堆内存破坏漏洞
2013-06-2600:00:00
Root
www.seebug.org
18
0.093 Low
EPSS
Percentile
94.1%
BUGTRAQ ID: 60737
CVE(CAN) ID: CVE-2013-2174
cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。
cURL 7.7 - 7.30.0版本内的函数"curl_easy_unescape()"(lib/escape.c)将URL编码的字符串解码为原始二进制数据时出现边界错误,此漏洞可被利用造成堆缓冲区溢出,导致任意代码执行。
0
cURL 7.x
临时解决方法:
建议您采取以下措施以降低威胁:
-
升级到curl/libcurl 7.31.0
-
应用补丁,重建libcurl
http://curl.haxx.se/libcurl-unescape.patch -
复核curl_easy_unescape(),或不使用此函数。
厂商补丁:
cURL
cURL已经为此发布了一个安全公告(adv_20130622)以及相应补丁:
adv_20130622:libcurl URL decode buffer boundary flaw
链接:http://curl.haxx.se/docs/adv_20130622.html
Related
securityvulns
securityvulns
libcurl uninitialized memory reference
2013-07-01 00:00:00
[ MDVSA-2013:180 ] curl
2013-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:55:13
Denial Of Service (DoS)
2018-07-25 05:49:29
prion
prion
Heap overflow
2013-07-31 13:20:00
oraclelinux
oraclelinux
curl security update
2013-06-25 00:00:00
nessus
nessus
SuSE 11.3 Security Update : curl (SAT Patch Number 7932)
2013-07-18 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2013:180)
2013-06-28 00:00:00
Debian DSA-2713-1 : curl - heap overflow
2013-06-25 00:00:00
openvas
openvas
Debian Security Advisory DSA 2713-1 (curl - heap overflow)
2013-06-24 00:00:00
Oracle: Security Advisory (ELSA-2013-0983)
2015-10-06 00:00:00
Slackware: Security Advisory (SSA:2013-174-01)
2022-04-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package curl version 7.24.0-alt1.M60P.1
2013-06-24 00:00:00
ubuntu
ubuntu
curl vulnerability
2013-07-02 00:00:00
cve
cve
CVE-2013-2174
2013-07-31 13:20:00
fedora
fedora
[SECURITY] Fedora 19 Update: curl-7.29.0-7.fc19
2013-06-29 18:44:03
[SECURITY] Fedora 17 Update: curl-7.24.0-10.fc17
2013-07-23 01:11:16
[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19
2014-02-15 20:02:19
debian
debian
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
mageia
mageia
Updated curl packages fix CVE-2013-2174
2013-06-26 22:44:41
centos
centos
curl, libcurl security update
2013-06-26 02:20:36
redhat
redhat
(RHSA-2013:0983) Moderate: curl security update
2013-06-25 00:00:00
(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update
2013-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2013-2174
2013-06-24 00:00:00
debiancve
debiancve
CVE-2013-2174
2013-07-31 13:20:00
slackware
slackware
[slackware-security] curl
2013-06-23 22:07:06
freebsd
freebsd
cURL library -- heap corruption in curl_easy_unescape
2013-06-22 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-138, CVE-2014-0139)
2019-01-31 01:35:01
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00