Описание
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option,
using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option,
using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-0725
- https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7
- https://hackerone.com/reports/2956023
- https://curl.se/docs/CVE-2025-0725.html
- https://curl.se/docs/CVE-2025-0725.json
- https://security.netapp.com/advisory/ntap-20250306-0009
- http://www.openwall.com/lists/oss-security/2025/02/05/3
- http://www.openwall.com/lists/oss-security/2025/02/06/2
- http://www.openwall.com/lists/oss-security/2025/02/06/4
Связанные уязвимости
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
When libcurl is asked to perform automatic gzip decompression of conte ...