Denial Of Service (DoS)

2022-10-2611:37:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libcurl vulnerability stack-based buffer overflow .netrc file crash

0.002 Low

EPSS

Percentile

52.1%

JSON

libcurl.so is vulnerable to denial of service. The vulnerability exists due to stack-based buffer overflow when curl is instructed to parse a .netrc file for credentials which allows an attacker to crash the application via malicious input.

CPENameOperatorVersion
curl:edgeeq7.82.0-r0
curl:edgeeq7.84.0-r1
curl:edgeeq7.76.1-r0
curl:edgeeq7.84.0-r2
curl:edgeeq7.77.0-r1
curl:edgeeq7.69.0-r1
curl:edgeeq7.78.0-r0
curl:edgeeq7.75.0-r0
curl:edgeeq7.81.0-r1
curl:edgeeq7.83.0-r0

Name	Operator	Version
curl:edge	eq	7.82.0-r0
curl:edge	eq	7.84.0-r1
curl:edge	eq	7.76.1-r0
curl:edge	eq	7.84.0-r2
curl:edge	eq	7.77.0-r1
curl:edge	eq	7.69.0-r1
curl:edge	eq	7.78.0-r0
curl:edge	eq	7.75.0-r0
curl:edge	eq	7.81.0-r1
curl:edge	eq	7.83.0-r0