mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
874 B
874 B
CVE-2013-2174
Description
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html