Gentoo Linux Security Advisory GLSA 200512-09 - Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL can be specially crafted in one of two ways: the URL could be malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer; or the URL could contain a ? separator in the hostname portion, which causes a / to be prepended to the resulting string. Versions less than 7.15.1 are affected.
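The second case described above (a ? directly after the hostname, so that a / is prepended) makes the resulting path one byte longer than the text it was copied from. The following is an added illustration of a bounds-checked split, not code from cURL or from the advisory; the function name split_host_path, the buffer sizes and the sample URL are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libcurl code): split the part of a URL after
 * "scheme://" into host and path, using caller-supplied buffer sizes.
 * Returns 0 on success, -1 if a result would not fit together with its NUL. */
int split_host_path(const char *url, char *host, size_t hostsz,
                    char *path, size_t pathsz)
{
    const char *sep = strstr(url, "://");
    const char *rest = sep ? sep + 3 : url;

    /* The host ends at the first '/' or '?', whichever comes first. */
    size_t hlen = strcspn(rest, "/?");
    const char *tail = rest + hlen;      /* "", "/..." or "?..." */
    size_t tlen = strlen(tail);

    /* Assumption of this example: a tail that does not start with '/'
     * (a '?' right after the host, or nothing at all) gets '/' prepended,
     * so the path needs one more byte than the tail itself. */
    size_t extra = (tail[0] == '/') ? 0 : 1;

    /* Validate both lengths, terminating NUL included, before any write. */
    if (hlen + 1 > hostsz)
        return -1;
    if (tlen + extra + 1 > pathsz)
        return -1;

    memcpy(host, rest, hlen);
    host[hlen] = '\0';                   /* always terminate the host */

    if (extra)
        path[0] = '/';
    memcpy(path + extra, tail, tlen);
    path[extra + tlen] = '\0';           /* always terminate the path */
    return 0;
}

int main(void)
{
    char host[64], path[64];
    const char *url = "http://example.com?x=1";   /* constructed sample */

    if (split_host_path(url, host, sizeof host, path, sizeof path) == 0)
        printf("host=%s path=%s\n", host, path);
    return 0;
}
```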