Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
Múltiples desbordamientos de entero en las funciones (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape y (4) curl_easy_unescape en libcurl en versiones anteriores a 7.50.3 permiten a atacantes tener impacto no especificado a través de una cadena de longitud 0xffffffff, lo que desencadena un desbordamiento de búfer basado en memoria dinámica.
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-190
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| fedoraproject | fedora | 23 | <built-in method update of dict object at 0x72a9b0a79e80> | Operating System |
| fedoraproject | fedora | 24 | <built-in method update of dict object at 0x72a9b0c20e80> | Operating System |
| fedoraproject | fedora | 25 | <built-in method update of dict object at 0x72a9b0e0d040> | Operating System |
| haxx | libcurl | * | <built-in method update of dict object at 0x72a9cc7f5840> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* |