J-Security Center

Title: cURL Remote Buffer Overflow Vulnerability

Severity: HIGH

Description:

Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD (prior to the 4.2 release).

Note that cURL runs on other platforms as well, and earlier versions may also be vulnerable.

Curl's error-logging feature improperly tests the size of generated error messages, which are built from data sent by a remote host. A malicious remote server could send a maliciously formed response to a request from curl, designed to exceed the maximum length of the error buffer. The contents of this oversized buffer, when copied onto the stack, can potentially overwrite the calling function's return address. This can alter the program's flow of execution and result in arbitrary code being run on the client host.
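
The unchecked error-message pattern described above next to a bounded replacement, as an added C example. It is not curl's source code: the function names, the message format and the 256-byte buffer size are assumptions made for illustration, and the "server reply" is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256 /* assumed size; the advisory does not state the real one */

/* Unchecked pattern: the formatted length is never compared with the buffer
 * size, so a long server reply runs past errbuf. For contrast, never called. */
void set_error_unchecked(char *errbuf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(errbuf, fmt, ap);
    va_end(ap);
}

/* Bounded form (hypothetical helper): 0 = fit, 1 = truncated, -1 = error. */
int set_error_bounded(char *errbuf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (errbuf == NULL || size == 0) return -1;
    va_start(ap, fmt);
    n = vsnprintf(errbuf, size, fmt, ap); /* never writes more than size bytes */
    va_end(ap);
    if (n < 0) { errbuf[0] = '\0'; return -1; }
    if ((size_t)n < size) return 0;
    if (size > 4) memcpy(errbuf + size - 4, "...", 4); /* marker plus NUL */
    return 1;
}

/* Constructed input: a reply of reply_len bytes against a 256-byte buffer.
 * Returns the helper's status if the buffer stayed within bounds, else -2. */
int demo_reply(size_t reply_len)
{
    char reply[1024], errbuf[ERRBUF_SIZE];
    int rc;
    if (reply_len >= sizeof reply) reply_len = sizeof reply - 1;
    memset(reply, 'A', reply_len);
    reply[reply_len] = '\0';
    rc = set_error_bounded(errbuf, sizeof errbuf, "server said: %s", reply);
    return strlen(errbuf) < sizeof errbuf ? rc : -2;
}

int main(void)
{
    printf("short reply -> %d, long reply -> %d\n", demo_reply(10), demo_reply(1023));
    return 0;
}
```

The bounded helper reports truncation to its caller instead of silently dropping data, so an oversized remote message can be logged as an anomaly.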

Affected Products:

  • Daniel Stenberg curl 6.0.0
  • Daniel Stenberg curl 6.1.0
  • Daniel Stenberg curl 6.1.0 beta
  • Daniel Stenberg curl 6.3.0
  • Daniel Stenberg curl 6.4.0
  • Daniel Stenberg curl 6.5.0
  • Daniel Stenberg curl 6.5.1
  • Daniel Stenberg curl 6.5.2
  • Daniel Stenberg curl 7.1.0
  • Daniel Stenberg curl 7.1.1
  • Daniel Stenberg curl 7.2.0
  • Daniel Stenberg curl 7.2.1
  • Daniel Stenberg curl 7.3.0
  • Daniel Stenberg curl 7.4.0
  • Debian Linux 2.2.0
  • RedHat PowerTools 6.1.0
  • RedHat PowerTools 6.2.0
  • RedHat PowerTools 7.0.0
