libcurl.so is vulnerable to information disclosures. A malicious user can pass a URL with filename longer than 515 bytes during a TFTP transfer to cause curl to send more data than is actually in the buffer, leading to the sendto
function sending data past the heap based buffer. This can cause sensitive information on the buffer to be sent to the malicious user.