curl-cffi@0.6.0b9 vulnerabilities
libcurl ffi bindings for Python, with impersonation support.
-
latest version
0.7.3
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the curl-cffi package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions. Note: An overflow is only possible in applications that don't set The options that cause SOCKS5 with remote hostname to be used in
The options that cause SOCKS5 with remote hostname to be used in the
Changelog: 2023-10-04: Initial publication 2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range. How to fix Heap-based Buffer Overflow? Upgrade |
[,0.7.0b6)
|