Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-2174
cve-2013-2174
buffer overflow
curl
libcurl
denial of service
remote attackers
application crash
arbitrary code
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.093 Low
EPSS
Percentile
94.7%
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a “%” (percent) character.
Affected configurations
Node
haxxcurlMatch7.7
ORhaxxcurlMatch7.7.1
ORhaxxcurlMatch7.7.2
ORhaxxcurlMatch7.7.3
ORhaxxcurlMatch7.8
ORhaxxcurlMatch7.8.1
ORhaxxcurlMatch7.9
ORhaxxcurlMatch7.9.1
ORhaxxcurlMatch7.9.2
ORhaxxcurlMatch7.9.3
ORhaxxcurlMatch7.9.4
ORhaxxcurlMatch7.9.5
ORhaxxcurlMatch7.9.6
ORhaxxcurlMatch7.9.7
ORhaxxcurlMatch7.9.8
ORhaxxcurlMatch7.10
ORhaxxcurlMatch7.10.1
ORhaxxcurlMatch7.10.2
ORhaxxcurlMatch7.10.3
ORhaxxcurlMatch7.10.4
ORhaxxcurlMatch7.10.5
ORhaxxcurlMatch7.10.6
ORhaxxcurlMatch7.10.7
ORhaxxcurlMatch7.10.8
ORhaxxcurlMatch7.11.0
ORhaxxcurlMatch7.11.1
ORhaxxcurlMatch7.11.2
ORhaxxcurlMatch7.12.0
ORhaxxcurlMatch7.12.1
ORhaxxcurlMatch7.12.2
ORhaxxcurlMatch7.12.3
ORhaxxcurlMatch7.13.0
ORhaxxcurlMatch7.13.1
ORhaxxcurlMatch7.13.2
ORhaxxcurlMatch7.14.0
ORhaxxcurlMatch7.14.1
ORhaxxcurlMatch7.15.0
ORhaxxcurlMatch7.15.1
ORhaxxcurlMatch7.15.2
ORhaxxcurlMatch7.15.3
ORhaxxcurlMatch7.15.4
ORhaxxcurlMatch7.15.5
ORhaxxcurlMatch7.16.0
ORhaxxcurlMatch7.16.1
ORhaxxcurlMatch7.16.2
ORhaxxcurlMatch7.16.3
ORhaxxcurlMatch7.16.4
ORhaxxcurlMatch7.17.0
ORhaxxcurlMatch7.17.1
ORhaxxcurlMatch7.18.0
ORhaxxcurlMatch7.18.1
ORhaxxcurlMatch7.18.2
ORhaxxcurlMatch7.19.0
ORhaxxcurlMatch7.19.1
ORhaxxcurlMatch7.19.2
ORhaxxcurlMatch7.19.3
ORhaxxcurlMatch7.19.4
ORhaxxcurlMatch7.19.5
ORhaxxcurlMatch7.19.6
ORhaxxcurlMatch7.19.7
ORhaxxcurlMatch7.20.0
ORhaxxcurlMatch7.20.1
ORhaxxcurlMatch7.21.0
ORhaxxcurlMatch7.21.1
ORhaxxcurlMatch7.21.2
ORhaxxcurlMatch7.21.3
ORhaxxcurlMatch7.21.4
ORhaxxcurlMatch7.21.5
ORhaxxcurlMatch7.21.6
ORhaxxcurlMatch7.21.7
ORhaxxcurlMatch7.22.0
ORhaxxcurlMatch7.23.0
ORhaxxcurlMatch7.23.1
ORhaxxcurlMatch7.24.0
ORhaxxcurlMatch7.25.0
ORhaxxcurlMatch7.26.0
ORhaxxcurlMatch7.27.0
ORhaxxcurlMatch7.28.0
ORhaxxcurlMatch7.28.1
ORhaxxcurlMatch7.29.0
ORhaxxcurlMatch7.30.0
Node
haxxlibcurlMatch7.7
ORhaxxlibcurlMatch7.7.1
ORhaxxlibcurlMatch7.7.2
ORhaxxlibcurlMatch7.7.3
ORhaxxlibcurlMatch7.8
ORhaxxlibcurlMatch7.8.1
ORhaxxlibcurlMatch7.9
ORhaxxlibcurlMatch7.9.1
ORhaxxlibcurlMatch7.9.2
ORhaxxlibcurlMatch7.9.3
ORhaxxlibcurlMatch7.9.4
ORhaxxlibcurlMatch7.9.5
ORhaxxlibcurlMatch7.9.6
ORhaxxlibcurlMatch7.9.7
ORhaxxlibcurlMatch7.9.8
ORhaxxlibcurlMatch7.10
ORhaxxlibcurlMatch7.10.1
ORhaxxlibcurlMatch7.10.2
ORhaxxlibcurlMatch7.10.3
ORhaxxlibcurlMatch7.10.4
ORhaxxlibcurlMatch7.10.5
ORhaxxlibcurlMatch7.10.6
ORhaxxlibcurlMatch7.10.7
ORhaxxlibcurlMatch7.10.8
ORhaxxlibcurlMatch7.11.0
ORhaxxlibcurlMatch7.11.1
ORhaxxlibcurlMatch7.11.2
ORhaxxlibcurlMatch7.12.0
ORhaxxlibcurlMatch7.12.1
ORhaxxlibcurlMatch7.12.2
ORhaxxlibcurlMatch7.12.3
ORhaxxlibcurlMatch7.13.0
ORhaxxlibcurlMatch7.13.1
ORhaxxlibcurlMatch7.13.2
ORhaxxlibcurlMatch7.14.0
ORhaxxlibcurlMatch7.14.1
ORhaxxlibcurlMatch7.15.0
ORhaxxlibcurlMatch7.15.1
ORhaxxlibcurlMatch7.15.2
ORhaxxlibcurlMatch7.15.3
ORhaxxlibcurlMatch7.15.4
ORhaxxlibcurlMatch7.15.5
ORhaxxlibcurlMatch7.16.0
ORhaxxlibcurlMatch7.16.1
ORhaxxlibcurlMatch7.16.2
ORhaxxlibcurlMatch7.16.3
ORhaxxlibcurlMatch7.16.4
ORhaxxlibcurlMatch7.17.0
ORhaxxlibcurlMatch7.17.1
ORhaxxlibcurlMatch7.18.0
ORhaxxlibcurlMatch7.18.1
ORhaxxlibcurlMatch7.18.2
ORhaxxlibcurlMatch7.19.0
ORhaxxlibcurlMatch7.19.1
ORhaxxlibcurlMatch7.19.2
ORhaxxlibcurlMatch7.19.3
ORhaxxlibcurlMatch7.19.4
ORhaxxlibcurlMatch7.19.5
ORhaxxlibcurlMatch7.19.6
ORhaxxlibcurlMatch7.19.7
ORhaxxlibcurlMatch7.20.0
ORhaxxlibcurlMatch7.20.1
ORhaxxlibcurlMatch7.21.0
ORhaxxlibcurlMatch7.21.1
ORhaxxlibcurlMatch7.21.2
ORhaxxlibcurlMatch7.21.3
ORhaxxlibcurlMatch7.21.4
ORhaxxlibcurlMatch7.21.5
ORhaxxlibcurlMatch7.21.6
ORhaxxlibcurlMatch7.21.7
ORhaxxlibcurlMatch7.22.0
ORhaxxlibcurlMatch7.23.0
ORhaxxlibcurlMatch7.23.1
ORhaxxlibcurlMatch7.24.0
ORhaxxlibcurlMatch7.25.0
ORhaxxlibcurlMatch7.26.0
ORhaxxlibcurlMatch7.27.0
ORhaxxlibcurlMatch7.28.0
ORhaxxlibcurlMatch7.28.1
ORhaxxlibcurlMatch7.29.0
ORhaxxlibcurlMatch7.30.0
Node
canonicalubuntu_linuxMatch10.04-lts
ORcanonicalubuntu_linuxMatch12.04-lts
ORcanonicalubuntu_linuxMatch12.10
ORcanonicalubuntu_linuxMatch13.04
ORopensuseopensuseMatch11.4
ORredhatenterprise_linuxMatch5
ORredhatenterprise_linuxMatch6.0
References
curl.haxx.se/docs/adv_20130622.html
lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
rhn.redhat.com/errata/RHSA-2013-0983.html
www.debian.org/security/2013/dsa-2713
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/60737
www.ubuntu.com/usn/USN-1894-1
github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
Related
nessus
nessus
Fedora 17 : curl-7.24.0-10.fc17 (2013-11568)
2013-07-23 00:00:00
SuSE 10 Security Update : curl (ZYPP Patch Number 8614)
2013-07-11 00:00:00
openvas
openvas
Ubuntu Update for curl USN-1894-1
2013-07-05 00:00:00
CentOS Update for curl CESA-2013:0983 centos5
2013-06-27 00:00:00
CentOS Update for curl CESA-2013:0983 centos6
2013-06-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package curl version 7.24.0-alt1.M60P.1
2013-06-24 00:00:00
ubuntu
ubuntu
curl vulnerability
2013-07-02 00:00:00
seebug
seebug
cURL/libcURL 'curl_easy_unescape()'堆内存破坏漏洞
2013-06-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:55:13
Denial Of Service (DoS)
2018-07-25 05:49:29
prion
prion
Heap overflow
2013-07-31 13:20:00
securityvulns
securityvulns
libcurl uninitialized memory reference
2013-07-01 00:00:00
[ MDVSA-2013:180 ] curl
2013-07-01 00:00:00
nvd
nvd
CVE-2013-2174
2013-07-31 13:20:25
cvelist
cvelist
CVE-2013-2174
2013-07-31 10:00:00
oraclelinux
oraclelinux
curl security update
2013-06-25 00:00:00
centos
centos
curl, libcurl security update
2013-06-26 02:20:36
debian
debian
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
[SECURITY] [DSA 2713-1] curl security update
2013-06-24 21:18:14
fedora
fedora
[SECURITY] Fedora 19 Update: curl-7.29.0-7.fc19
2013-06-29 18:44:03
[SECURITY] Fedora 17 Update: curl-7.24.0-10.fc17
2013-07-23 01:11:16
[SECURITY] Fedora 19 Update: haproxy-1.4.24-1.fc19
2013-06-29 18:15:34
mageia
mageia
Updated curl packages fix CVE-2013-2174
2013-06-26 22:44:41
redhat
redhat
(RHSA-2013:0983) Moderate: curl security update
2013-06-25 00:00:00
(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update
2013-07-16 00:00:00
freebsd
freebsd
cURL library -- heap corruption in curl_easy_unescape
2013-06-22 00:00:00
slackware
slackware
[slackware-security] curl
2013-06-23 22:07:06
ubuntucve
ubuntucve
CVE-2013-2174
2013-06-24 00:00:00
debiancve
debiancve
CVE-2013-2174
2013-07-31 13:20:25
ibm
ibm
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-138, CVE-2014-0139)
2019-01-31 01:35:01
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.093 Low
EPSS
Percentile
94.7%
Related for CVE-2013-2174