CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
cURL is vulnerable to denial of service (DoS). When deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code.
curl.haxx.se/docs/adv_20100209.html
curl.haxx.se/docs/security.html#20100209
curl.haxx.se/libcurl-contentencoding.patch
lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
secunia.com/advisories/38843
secunia.com/advisories/38981
secunia.com/advisories/39087
secunia.com/advisories/39734
secunia.com/advisories/40220
secunia.com/advisories/45047
secunia.com/advisories/48256
security.gentoo.org/glsa/glsa-201203-02.xml
support.apple.com/kb/HT4188
support.avaya.com/css/P8/documents/100081819
wiki.rpath.com/Advisories:rPSA-2010-0072
www.debian.org/security/2010/dsa-2023
www.mandriva.com/security/advisories?name=MDVSA-2010:062
www.openwall.com/lists/oss-security/2010/02/09/5
www.openwall.com/lists/oss-security/2010/03/09/1
www.openwall.com/lists/oss-security/2010/03/16/11
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0329.html
www.securityfocus.com/archive/1/514490/100/0/threaded
www.securityfocus.com/archive/1/516397/100/0/threaded
www.ubuntu.com/usn/USN-1158-1
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vupen.com/english/advisories/2010/0571
www.vupen.com/english/advisories/2010/0602
www.vupen.com/english/advisories/2010/0660
www.vupen.com/english/advisories/2010/0725
www.vupen.com/english/advisories/2010/1481
access.redhat.com/errata/RHSA-2010:0273
bugzilla.redhat.com/show_bug.cgi?id=563220
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756