Lucene search
Redhat.comRH:CVE-2017-9502HistoryJun 14, 2017 - 8:50 a.m.
CVE-2017-9502
2017-06-1408:50:08
redhat.com
access.redhat.com
7
0.002 Low
EPSS
Percentile
60.0%
In curl before 7.54.1 on Windows and DOS, libcurl’s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given “URL” starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string “file://”).
Related
nessus
nessus
Fedora 26 : mingw-curl (2017-03fc914348)
2017-07-17 00:00:00
osv
osv
CVE-2017-9502
2017-06-14 13:29:00
cvelist
cvelist
CVE-2017-9502
2017-06-14 13:00:00
debiancve
debiancve
CVE-2017-9502
2017-06-14 13:29:00
cve
cve
CVE-2017-9502
2017-06-14 13:29:00
freebsd
freebsd
cURL -- URL file scheme drive letter buffer overflow
2017-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: mingw-curl-7.54.1-1.fc26
2017-06-21 02:38:08
veracode
veracode
Denial Of Service (DoS)
2021-07-05 06:41:15
ubuntucve
ubuntucve
CVE-2017-9502
2017-06-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.54.1-alt1
2017-06-14 00:00:00
prion
prion
Heap overflow
2017-06-14 13:29:00
nvd
nvd
CVE-2017-9502
2017-06-14 13:29:00
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57