Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a ? separator in the hostname portion, which causes a / to be prepended to the resulting string.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Daniel_stenberg | 7.11.2 (including) | 7.11.2 (including) |
| Curl | Daniel_stenberg | 7.12 (including) | 7.12 (including) |
| Curl | Daniel_stenberg | 7.12.1 (including) | 7.12.1 (including) |
| Curl | Daniel_stenberg | 7.12.2 (including) | 7.12.2 (including) |
| Curl | Daniel_stenberg | 7.12.3 (including) | 7.12.3 (including) |
| Curl | Daniel_stenberg | 7.13 (including) | 7.13 (including) |
| Curl | Daniel_stenberg | 7.13.1 (including) | 7.13.1 (including) |
| Curl | Daniel_stenberg | 7.13.2 (including) | 7.13.2 (including) |
| Curl | Daniel_stenberg | 7.14 (including) | 7.14 (including) |
| Curl | Daniel_stenberg | 7.14.1 (including) | 7.14.1 (including) |
| Curl | Daniel_stenberg | 7.15 (including) | 7.15 (including) |