libcurl: A user can execute arbitrary code on the target system.


Description: A vulnerability was reported in libcurl. A user can execute arbitrary code on the target system.

A user can supply a specially crafted length parameter value to certain libcurl functions to trigger an integer overflow and execute arbitrary code on the target system.
The curl_escape(), curl_easy_escape(), curl_unescape(), and curl_easy_unescape() functions are affected.

Impact: The specific impact depends on the application using libcurl. The curl command line tool is not affected.

Affected versions: libcurl 7.11.1 - 7.50.2

Recommended action: Apply the vendor-issued fix (version 7.50.3).
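To check a deployment against the affected range above and to validate a length before it reaches the escape functions, the following C is an added example, not code from libcurl or from this advisory. The function names and the length bound are assumptions made for illustration, and the banner string is constructed sample input.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pack major.minor.patch as 0xMMmmpp, the layout of LIBCURL_VERSION_NUM. */
static unsigned long pack(unsigned maj, unsigned min, unsigned pat)
{
    return ((unsigned long)maj << 16) | ((unsigned long)min << 8) | pat;
}

/* 1 if the version is in the advisory's affected range (7.11.1 - 7.50.2),
 * 0 if outside it, -1 if no version could be parsed.
 * Accepts "7.50.1" or a banner containing "libcurl/7.50.1". */
int libcurl_version_affected(const char *s)
{
    unsigned maj, min, pat;
    const char *p;
    unsigned long v;
    if (s == NULL)
        return -1;
    p = strstr(s, "libcurl/");
    p = p ? p + strlen("libcurl/") : s;
    if (sscanf(p, "%u.%u.%u", &maj, &min, &pat) != 3 ||
        maj > 255 || min > 255 || pat > 255)
        return -1;
    v = pack(maj, min, pat);
    return v >= pack(7, 11, 1) && v <= pack(7, 50, 2);
}

/* Hypothetical caller-side guard (conservative bound chosen for this example,
 * not libcurl's own check): each input byte can expand to 3 output bytes, and
 * length 0 makes libcurl call strlen() itself, so reject it to stay explicit. */
int escape_length_ok(size_t n, int *out)
{
    if (n == 0 || n > (size_t)(INT_MAX - 1) / 3)
        return 0;
    *out = (int)n; /* safe to pass as the int length parameter */
    return 1;
}

int main(void)
{
    /* Constructed sample banner, in the style of `curl --version` output. */
    const char *banner = "curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0";
    int len = 0;
    printf("affected: %d\n", libcurl_version_affected(banner));
    printf("huge length accepted: %d\n", escape_length_ok((size_t)-1, &len));
    return 0;
}
```

The version check reports on the linked library only; a length guard in the calling application does not replace upgrading to 7.50.3.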

Origin URLs:
