CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS percentile: 86.9%

When curl retrieves an HTTP response, it stores the incoming headers so
that they can be accessed later via the libcurl headers API. However, curl
did not limit the number or the size of the headers it would accept in a
response, allowing a malicious server to stream an endless series of
headers and eventually cause curl to run out of heap memory.

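
An application can also bound header intake itself. The following is an added example, not curl's upstream fix and not code from this page: a callback with the `CURLOPT_HEADERFUNCTION` signature that aborts the transfer once a per-transfer header budget is spent. The limits and the names `header_budget`, `budget_header_cb` and `feed_headers` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this example; choose values that fit the application. */
#define MAX_HEADER_LINE  (8 * 1024)   /* largest single header line */
#define MAX_HEADER_TOTAL (64 * 1024)  /* all header bytes in one transfer */
#define MAX_HEADER_COUNT 200          /* header lines in one transfer */

/* Hypothetical per-transfer state, handed to libcurl via CURLOPT_HEADERDATA. */
struct header_budget { size_t total_bytes; size_t count; int exceeded; };

/* Same signature as a CURLOPT_HEADERFUNCTION callback. libcurl calls it once
 * per received header line; a return value other than size * nitems makes
 * libcurl abort the transfer. */
size_t budget_header_cb(char *buffer, size_t size, size_t nitems, void *userdata)
{
  struct header_budget *b = userdata;
  size_t len = size * nitems;
  (void)buffer;                       /* bytes are counted, not inspected */
  if(len > MAX_HEADER_LINE || b->count >= MAX_HEADER_COUNT ||
     len > MAX_HEADER_TOTAL - b->total_bytes) {
    b->exceeded = 1;                  /* lets the caller log why it stopped */
    return len ? 0 : 1;               /* always differs from len: abort */
  }
  b->count++;
  b->total_bytes += len;
  return len;
}

/* Constructed input: feeds n identical lines of line_len bytes and returns
 * how many the callback accepted before it signalled an abort. */
size_t feed_headers(struct header_budget *b, size_t n, size_t line_len)
{
  static char line[MAX_HEADER_LINE + 1];
  size_t i;
  memset(line, 'A', sizeof(line));
  for(i = 0; i < n; i++)
    if(budget_header_cb(line, 1, line_len, b) != line_len)
      break;
  return i;
}

int main(void)
{
  struct header_budget b = {0, 0, 0};
  size_t ok = feed_headers(&b, 1000, 1024);
  printf("accepted %zu lines, %zu bytes, exceeded=%d\n", ok, b.total_bytes, b.exceeded);
  return 0;
}
```

In a real program the callback is registered with `curl_easy_setopt(handle, CURLOPT_HEADERFUNCTION, budget_header_cb)` and a zeroed `struct header_budget` is passed through `CURLOPT_HEADERDATA` for each transfer.
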
Author | Note |
---|---|
alexmurray | Vulnerable code exists since 7.83.0 but was an experimental feature not enabled by default and only enabled in 7.84.0. Fixed in upstream release 8.3.0. |