CVE-2013-2174
Published: 24 June 2013
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
Priority
Status
Package | Release | Status |
---|---|---|
curl | lucid | Released (7.19.7-1ubuntu1.3) |
curl | precise | Released (7.22.0-3ubuntu4.2) |
curl | quantal | Released (7.27.0-1ubuntu1.3) |
curl | raring | Released (7.29.0-1ubuntu3.1) |
curl | upstream | Released (7.31.0-1) |
Patches:
upstream: http://curl.haxx.se/libcurl-unescape.patch
upstream: https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
upstream: https://github.com/bagder/curl/commit/0de7249bb39a2738a277c438b2bb1252ab8243cd
upstream: https://github.com/bagder/curl/commit/6fab0bd9f163430254259f6b7d5c75b5452257d3