Lucene search
MitreCVELIST:CVE-2017-9502HistoryJun 14, 2017 - 1:00 p.m.
CVE-2017-9502
2017-06-1413:00:00
mitre
www.cve.org
In curl before 7.54.1 on Windows and DOS, libcurl’s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given “URL” starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string “file://”).
Related
osv
osv
CVE-2017-9502
2017-06-14 13:29:00
debiancve
debiancve
CVE-2017-9502
2017-06-14 13:29:00
nessus
nessus
Fedora 26 : mingw-curl (2017-03fc914348)
2017-07-17 00:00:00
cve
cve
CVE-2017-9502
2017-06-14 13:29:00
redhatcve
redhatcve
CVE-2017-9502
2017-06-14 08:50:08
freebsd
freebsd
cURL -- URL file scheme drive letter buffer overflow
2017-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: mingw-curl-7.54.1-1.fc26
2017-06-21 02:38:08
veracode
veracode
Denial Of Service (DoS)
2021-07-05 06:41:15
ubuntucve
ubuntucve
CVE-2017-9502
2017-06-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.54.1-alt1
2017-06-14 00:00:00
prion
prion
Heap overflow
2017-06-14 13:29:00
ibm
ibm
nvd
nvd
CVE-2017-9502
2017-06-14 13:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57