
cURL Heap Overflow Vulnerability

Last Update Date: 25 Jun 2013 10:17
Release Date: 25 Jun 2013

RISK: Medium Risk

TYPE: Clients - Productivity Products

A vulnerability has been identified in libcurl. A remote user can execute arbitrary code on the target system.


A remote user can send specially crafted data to trigger a heap overflow in curl_easy_unescape() and execute arbitrary code on the target system. The code will run with the privileges of the target service.


Systems that pass user-supplied data to the curl_easy_unescape() function may be affected.


Impact

  • Remote Code Execution

System / Technologies affected

  • libcurl versions 7.7 up to and including 7.30.0

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 7.31.0
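To check a host or build against the affected range above, the following added example (not part of the advisory and not code from the curl project) classifies a libcurl version as inside or outside 7.7 to 7.30.0. The function names are hypothetical; the 0xXXYYZZ packing is the one libcurl uses for LIBCURL_VERSION_NUM and curl_version_info_data.version_num.

```c
#include <stdio.h>
#include <string.h>

/* Affected range from the advisory, packed as libcurl packs
   LIBCURL_VERSION_NUM / version_num: 0xXXYYZZ. */
#define FIRST_AFFECTED 0x070700u /* 7.7.0  */
#define LAST_AFFECTED  0x071e00u /* 7.30.0 */

/* Parse "7.30.0", "7.7" or a banner such as "libcurl/7.29.0 OpenSSL/..."
   into 0xXXYYZZ. Returns 0 if no usable version is found.
   (Hypothetical helper, not a libcurl function.) */
unsigned int parse_curl_version(const char *s)
{
    unsigned int major = 0, minor = 0, patch = 0;
    const char *p = strstr(s, "libcurl/");

    if (p)
        s = p + strlen("libcurl/");
    /* patch is optional ("7.7"); major and minor are required */
    if (sscanf(s, "%u.%u.%u", &major, &minor, &patch) < 2)
        return 0;
    if (major > 0xff || minor > 0xff || patch > 0xff)
        return 0;
    return (major << 16) | (minor << 8) | patch;
}

/* 1 = in the affected range, 0 = outside it, -1 = version not understood.
   (Hypothetical helper, not a libcurl function.) */
int curl_unescape_affected(unsigned int version_num)
{
    if (version_num == 0)
        return -1;
    return version_num >= FIRST_AFFECTED && version_num <= LAST_AFFECTED;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = {
        "7.6.1", "7.7", "libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.7",
        "7.30.0", "7.31.0", "unknown"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s -> %d\n", samples[i],
               curl_unescape_affected(parse_curl_version(samples[i])));
    return 0;
}
```

In a program linked against libcurl, pass `curl_version_info(CURLVERSION_NOW)->version_num` to `curl_unescape_affected()` to test the library actually loaded at run time. Vendor packages that backport fixes can keep an older version number, so treat a match as a prompt to check the package changelog.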

Vulnerability Identifier


Source


Related Link