CVE-2010-0734

Published: 19/03/2010 Updated: 10/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

content_encoding.c in libcurl 7.10.5 up to and including 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote malicious users to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. The intended limit is CURL_MAX_WRITE_SIZE (16 KB by default), which libcurl documents as the most data a single CURLOPT_WRITEFUNCTION call will receive; with automatic decompression enabled, the zlib path could hand the callback a much larger chunk, so a write callback that copies into a CURL_MAX_WRITE_SIZE-sized buffer without checking the delivered length overruns it. Only applications that trust that limit and perform no length check of their own are affected. Fixed in curl 7.20.0.
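The application-side pattern the summary describes, shown as an added example rather than code from this page or from the curl project: a write callback that trusts CURL_MAX_WRITE_SIZE beside a hardened one that checks the length and aborts the transfer. libcurl itself is replaced by a hypothetical harness (`deliver_chunk`) that plays the role of the buggy decompression path by delivering a constructed 64 KB chunk; the value 16384 for CURL_MAX_WRITE_SIZE is libcurl's documented default, defined locally so the file builds without curl/curl.h. The harness gives the buffer extra canary bytes so the overrun is observable without corrupting unrelated memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Documented per-call ceiling for CURLOPT_WRITEFUNCTION data, defined locally so
 * this builds without curl/curl.h (libcurl's header uses the same default). */
#ifndef CURL_MAX_WRITE_SIZE
#define CURL_MAX_WRITE_SIZE 16384
#endif

/* Application-side sink: one fixed buffer the application sized to the limit. */
struct sink {
    char  *buf;
    size_t cap;   /* bytes the application believes it owns */
    size_t len;
};

/* The pattern the advisory warns about: trust the documented limit and never
 * compare the delivered length with the buffer. Correct only while libcurl
 * honours CURL_MAX_WRITE_SIZE, which the zlib path in 7.10.5-7.19.7 did not. */
size_t vulnerable_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = userdata;
    size_t n = size * nmemb;
    memcpy(s->buf, ptr, n);   /* no bounds check: overruns when n > s->cap */
    s->len = n;
    return n;
}

/* Hardened form: check the length against the real capacity. Returning a value
 * other than size*nmemb makes libcurl abort the transfer (CURLE_WRITE_ERROR). */
size_t hardened_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = userdata;
    size_t n;
    if (size != 0 && nmemb > (size_t)-1 / size)
        return 0;             /* size*nmemb would wrap around */
    n = size * nmemb;
    if (n > s->cap) {
        s->len = 0;
        return 0;             /* != n, so libcurl stops the transfer */
    }
    memcpy(s->buf, ptr, n);
    s->len = n;
    return n;
}

/* Hypothetical stand-in for libcurl, not libcurl code. Hands the callback a
 * constructed chunk of `chunk` bytes into a sink that believes it owns
 * CURL_MAX_WRITE_SIZE bytes. The allocation carries SLACK extra canary bytes so
 * an overrun is observable without corrupting unrelated memory. Returns 1 if
 * the canary was clobbered, 0 if not, -1 on failure or chunk > slack. */
#define SLACK (64 * 1024)

int deliver_chunk(size_t (*cb)(char *, size_t, size_t, void *),
                  size_t chunk, size_t *returned)
{
    char *region, *data;
    struct sink s;
    size_t ret, i;
    int clobbered = 0;

    if (chunk > CURL_MAX_WRITE_SIZE + SLACK)
        return -1;
    region = malloc(CURL_MAX_WRITE_SIZE + SLACK);
    data = malloc(chunk);
    if (!region || !data) { free(region); free(data); return -1; }
    memset(region, 0, CURL_MAX_WRITE_SIZE);
    memset(region + CURL_MAX_WRITE_SIZE, 0xAA, SLACK);   /* canary */
    memset(data, 'A', chunk);        /* constructed "decompressed" payload */
    s.buf = region; s.cap = CURL_MAX_WRITE_SIZE; s.len = 0;
    ret = cb(data, 1, chunk, &s);
    for (i = 0; i < SLACK && !clobbered; i++)
        if ((unsigned char)region[CURL_MAX_WRITE_SIZE + i] != 0xAA)
            clobbered = 1;
    if (returned) *returned = ret;
    free(region);
    free(data);
    return clobbered;
}

/* What the callback returned for a chunk of the given size. */
size_t callback_return(size_t (*cb)(char *, size_t, size_t, void *), size_t chunk)
{
    size_t ret = 0;
    deliver_chunk(cb, chunk, &ret);
    return ret;
}

int main(void)
{
    printf("vulnerable cb, 64 KB chunk: canary overrun=%d\n",
           deliver_chunk(vulnerable_write_cb, 65536, NULL));
    printf("hardened cb,   64 KB chunk: canary overrun=%d, returned=%zu (0 aborts)\n",
           deliver_chunk(hardened_write_cb, 65536, NULL),
           callback_return(hardened_write_cb, 65536));
    return 0;
}
```

The check in `hardened_write_cb` is the mitigation the Debian advisory below alludes to: a callback that validates `size * nmemb` against its own buffer is unaffected regardless of what libcurl delivers, and returning a short count is the documented way to make libcurl fail the transfer instead of continuing with truncated data.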

Vulnerable Products

curl libcurl 7.10.5
curl libcurl 7.10.6
curl libcurl 7.10.7
curl libcurl 7.10.8
curl libcurl 7.11.0
curl libcurl 7.11.1
curl libcurl 7.11.2
curl libcurl 7.12
curl libcurl 7.12.0
curl libcurl 7.12.1
curl libcurl 7.12.2
curl libcurl 7.12.3
curl libcurl 7.13
curl libcurl 7.13.1
curl libcurl 7.13.2
curl libcurl 7.14
curl libcurl 7.14.1
curl libcurl 7.15
curl libcurl 7.15.1
curl libcurl 7.15.2
curl libcurl 7.15.3
curl libcurl 7.16.3
curl libcurl 7.17.0
curl libcurl 7.17.1
curl libcurl 7.18.0
curl libcurl 7.18.1
curl libcurl 7.18.2
curl libcurl 7.19.0
curl libcurl 7.19.1
curl libcurl 7.19.2
curl libcurl 7.19.3
curl libcurl 7.19.4
curl libcurl 7.19.5
curl libcurl 7.19.6
curl libcurl 7.19.7

Vendor Advisories

Multiple vulnerabilities in curl ...
Synopsis: Moderate: curl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability S ...
Synopsis: Moderate: curl security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated curl packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as h ...
Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselv ...

References

CWE-264
http://www.openwall.com/lists/oss-security/2010/03/09/1
http://www.openwall.com/lists/oss-security/2010/02/09/5
https://bugzilla.redhat.com/show_bug.cgi?id=563220
http://curl.haxx.se/libcurl-contentencoding.patch
http://curl.haxx.se/docs/adv_20100209.html
http://curl.haxx.se/docs/security.html#20100209
http://www.openwall.com/lists/oss-security/2010/03/16/11
http://secunia.com/advisories/38843
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
http://www.vupen.com/english/advisories/2010/0602
http://secunia.com/advisories/38981
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
http://www.vupen.com/english/advisories/2010/0571
http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
http://www.vupen.com/english/advisories/2010/0725
http://www.vupen.com/english/advisories/2010/0660
http://www.debian.org/security/2010/dsa-2023
http://secunia.com/advisories/39087
http://secunia.com/advisories/39734
http://www.redhat.com/support/errata/RHSA-2010-0329.html
http://support.avaya.com/css/P8/documents/100081819
http://secunia.com/advisories/40220
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://www.vupen.com/english/advisories/2010/1481
http://support.apple.com/kb/HT4188
http://wiki.rpath.com/Advisories:rPSA-2010-0072
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.ubuntu.com/usn/USN-1158-1
http://secunia.com/advisories/45047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://secunia.com/advisories/48256
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/archive/1/514490/100/0/threaded
https://usn.ubuntu.com/1158-1/
https://nvd.nist.gov