Arbitrary Code Execution

2019-01-1509:18:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.015 Low

EPSS

Percentile

86.8%

JSON

curl is vulnerable to arbitrary code execution attacks. The vulnerability exists as multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
curleq7.29.0__32.el7
httpd24-httpdeq2.4.27__8.el6.1
httpd24-httpdeq2.4.25__9.el6
httpd24-httpdeq2.4.27__8.el7.1
httpd24-httpdeq2.4.27__8.el7
httpd24-httpdeq2.4.27__8.el6
httpd24-httpdeq2.4.18__10.el6
httpd24-httpdeq2.4.25__8.el6
httpd24-httpdeq2.4.25__9.el6.1
httpd24-httpdeq2.4.25__9.el7

Name	Operator	Version
curl	eq	7.29.0__32.el7
httpd24-httpd	eq	2.4.27__8.el6.1
httpd24-httpd	eq	2.4.25__9.el6
httpd24-httpd	eq	2.4.27__8.el7.1
httpd24-httpd	eq	2.4.27__8.el7
httpd24-httpd	eq	2.4.27__8.el6
httpd24-httpd	eq	2.4.18__10.el6
httpd24-httpd	eq	2.4.25__8.el6
httpd24-httpd	eq	2.4.25__9.el6.1
httpd24-httpd	eq	2.4.25__9.el7