Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Daniel_stenberg | 6.0 (including) | 6.0 (including) |
| Curl | Daniel_stenberg | 6.1 (including) | 6.1 (including) |
| Curl | Daniel_stenberg | 6.1beta (including) | 6.1beta (including) |
| Curl | Daniel_stenberg | 6.3 (including) | 6.3 (including) |
| Curl | Daniel_stenberg | 6.4 (including) | 6.4 (including) |
| Curl | Daniel_stenberg | 6.5 (including) | 6.5 (including) |
| Curl | Daniel_stenberg | 6.5.1 (including) | 6.5.1 (including) |
| Curl | Daniel_stenberg | 6.5.2 (including) | 6.5.2 (including) |
| Curl | Daniel_stenberg | 7.1 (including) | 7.1 (including) |
| Curl | Daniel_stenberg | 7.1.1 (including) | 7.1.1 (including) |
| Curl | Daniel_stenberg | 7.2 (including) | 7.2 (including) |
| Curl | Daniel_stenberg | 7.2.1 (including) | 7.2.1 (including) |
| Curl | Daniel_stenberg | 7.3 (including) | 7.3 (including) |
| Curl | Daniel_stenberg | 7.4 (including) | 7.4 (including) |
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
- http://www.securityfocus.com/bid/1804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5374
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
- http://www.securityfocus.com/bid/1804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5374