CVE-2020-19909

Published: 22/08/2023 Updated: 11/04/2024
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

Vulnerable Product

haxx curl 7.65.2

Vendor Advisories

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via crafted value as the retry delay (CVE-2020-19909). libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This f ...