Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-2023-1 curl -- buffer overflow

Related Vulnerabilities: CVE-2010-0734  

Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselves. For the stable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny4. Due to a problem with the archive software, we are unable to release all architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel and s390 architectures will be provided once they are available. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 7.20.0-1. We recommend that you upgrade your curl packages.

Source

Debian Security Advisory

DSA-2023-1 curl -- buffer overflow

Date Reported:
28 Mar 2010
Affected Packages:
curl
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2010-0734.
More information:

Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselves.

For the stable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny4.

Due to a problem with the archive software, we are unable to release all architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel and s390 architectures will be provided once they are available.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 7.20.0-1.

We recommend that you upgrade your curl packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.dsc
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_armel.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_i386.deb
PowerPC:
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started