• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

cURL / libcURL URL Parser Buffer Overflow Vulnerability

cURL and libcURL are prone to a buffer-overflow vulnerability. This issue is due to a failure in the library to perform proper bounds checks on user-supplied data before using it in a finite-sized buffer.

The issues occur when the URL parser function handles an excessively long URL string.

An attacker can exploit this issue to crash the affected library, effectively denying service. Arbitrary code execution may also be possible, which may facilitate a compromise of the underlying system.