curl is vulnerable to arbitrary code execution attacks. Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
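The bug class described above (length arithmetic that wraps before an allocation) is usually closed by checking the size computation before calling malloc. The following is an added example, not libcurl's code: `escaped_size` and `safe_escape` are hypothetical names, and the `int` length parameter with 0 meaning "use strlen" is an assumed API shape.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: worst-case buffer size for percent-encoding `len`
   bytes (every byte may become "%XX", plus a terminating NUL). Returns 0
   when the size would not fit in size_t instead of letting it wrap. */
size_t escaped_size(size_t len)
{
    if (len > (SIZE_MAX - 1) / 3)
        return 0;
    return len * 3 + 1;
}

/* Hypothetical escape routine taking an int length (0 = use strlen),
   the kind of signature where a huge strlen result can be narrowed. */
char *safe_escape(const char *in, int inlength)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t len, need, o = 0;
    char *out;

    if (in == NULL || inlength < 0)
        return NULL;
    len = inlength ? (size_t)inlength : strlen(in);
    if (len > (size_t)INT_MAX)      /* reject lengths an int cannot hold */
        return NULL;
    need = escaped_size(len);
    if (need == 0 || (out = malloc(need)) == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
            (c >= '0' && c <= '9') || c == '-' || c == '.' ||
            c == '_' || c == '~') {
            out[o++] = (char)c;     /* unreserved: copied as-is */
        } else {
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 15];
        }
    }
    out[o] = '\0';
    return out;
}
```

The caller frees the returned buffer; a NULL return covers both allocation failure and a rejected length.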
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
access.redhat.com/errata/RHSA-2017:2016
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1341503
bugzilla.redhat.com/show_bug.cgi?id=1374740
bugzilla.redhat.com/show_bug.cgi?id=1388162
bugzilla.redhat.com/show_bug.cgi?id=1404815
bugzilla.redhat.com/show_bug.cgi?id=1420327