Decription: A vulnerability was reported in libcurl. A user can execute arbitrary code on the target system.
A user can supply a specially crafted length parameter value to certain libcurl functions to trigger an integer overflow and execute arbitrary code on the target system.
The curl_escape(), curl_easy_escape(), curl_unescape(), and curl_easy_unescape() functions are affected.
Impact: The specific impact depends on the application using libcurl. The curl command line tool is not affected.
Affected versions: libcurl 7.11.1 - 7.50.2
Recommended action: Apply the vendor issued fix v.7.50.3.