Numeric Errors Affecting curl package, versions <7.15.1-1
- Snyk ID SNYK-DEBIAN11-CURL-522563
- published 8 Dec 2005
- disclosed 8 Dec 2005
Introduced: 8 Dec 2005
CVE-2005-4077
How to fix?
Upgrade Debian:11 curl to version 7.15.1-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian:11. See How to fix? for Debian:11 relevant fixed versions and status.
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.