6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.093 Low
EPSS
Percentile
94.7%
CentOS Errata and Security Advisory CESA-2013:0983
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.
A heap-based buffer overflow flaw was found in the way libcurl unescaped
URLs. A remote attacker could provide a specially-crafted URL that, when
processed by an application using libcurl that handles untrusted URLs,
would possibly cause it to crash or, potentially, execute arbitrary code.
(CVE-2013-2174)
Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges Timo Sirainen as the original reporter.
Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-June/081972.html
https://lists.centos.org/pipermail/centos-announce/2013-June/081977.html
Affected packages:
curl
curl-devel
libcurl
libcurl-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0983
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | curl | < 7.19.7-37.el6_4 | curl-7.19.7-37.el6_4.i686.rpm |
CentOS | 6 | i686 | libcurl | < 7.19.7-37.el6_4 | libcurl-7.19.7-37.el6_4.i686.rpm |
CentOS | 6 | i686 | libcurl-devel | < 7.19.7-37.el6_4 | libcurl-devel-7.19.7-37.el6_4.i686.rpm |
CentOS | 6 | x86_64 | curl | < 7.19.7-37.el6_4 | curl-7.19.7-37.el6_4.x86_64.rpm |
CentOS | 6 | i686 | libcurl | < 7.19.7-37.el6_4 | libcurl-7.19.7-37.el6_4.i686.rpm |
CentOS | 6 | x86_64 | libcurl | < 7.19.7-37.el6_4 | libcurl-7.19.7-37.el6_4.x86_64.rpm |
CentOS | 6 | i686 | libcurl-devel | < 7.19.7-37.el6_4 | libcurl-devel-7.19.7-37.el6_4.i686.rpm |
CentOS | 6 | x86_64 | libcurl-devel | < 7.19.7-37.el6_4 | libcurl-devel-7.19.7-37.el6_4.x86_64.rpm |
CentOS | 5 | i386 | curl | < 7.15.5-17.el5_9 | curl-7.15.5-17.el5_9.i386.rpm |
CentOS | 5 | i386 | curl-devel | < 7.15.5-17.el5_9 | curl-devel-7.15.5-17.el5_9.i386.rpm |