Denial Of Service (DoS)

2019-01-1508:55:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

libcurl.so is susceptible to denial of service(DoS). The vulnerability exists because the curl_easy_unescape function in lib/escape.c only terminates string parsing when a zero byte is used, leading to heap corruption that can crash the application or cause arbitrary code to be executed.

CPENameOperatorVersion
curleq7.15.5__9.el5_7.4
curleq7.15.5__2.1.el5_3.4
curleq7.15.5__15.el5
curleq7.15.5__9.el5_6.3
curleq7.15.5__9.el5
curleq7.19.7__26.el6
curleq7.19.7__36.el6_4
curleq7.15.5__2.1.el5_3.5
curleq7.19.7__16.el6
curleq7.19.7__26.el6_1.1

Name	Operator	Version
curl	eq	7.15.5__9.el5_7.4
curl	eq	7.15.5__2.1.el5_3.4
curl	eq	7.15.5__15.el5
curl	eq	7.15.5__9.el5_6.3
curl	eq	7.15.5__9.el5
curl	eq	7.19.7__26.el6
curl	eq	7.19.7__36.el6_4
curl	eq	7.15.5__2.1.el5_3.5
curl	eq	7.19.7__16.el6
curl	eq	7.19.7__26.el6_1.1