CVE-2013-2174

Published: 24 June 2013

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Priority

Status

Package	Release	Status
curl Launchpad, Ubuntu, Debian	lucid	Released (7.19.7-1ubuntu1.3)
	precise	Released (7.22.0-3ubuntu4.2)
	quantal	Released (7.27.0-1ubuntu1.3)
	raring	Released (7.29.0-1ubuntu3.1)
	upstream	Released (7.31.0-1)
	Patches: upstream: http://curl.haxx.se/libcurl-unescape.patch upstream: https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737 upstream: https://github.com/bagder/curl/commit/0de7249bb39a2738a277c438b2bb1252ab8243cd upstream: https://github.com/bagder/curl/commit/6fab0bd9f163430254259f6b7d5c75b5452257d3

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2013-2174

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading