Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-0734

Опубликовано: 19 мар. 2010
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.6:*:*:*:*:*:*:*
cpe:2.3:a:curl:libcurl:7.19.7:*:*:*:*:*:*:*

EPSS

Процентиль: 89%
0.04759
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2010-0734

ubuntu
больше 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

redhat логотип

CVE-2010-0734

redhat
больше 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

debian логотип

CVE-2010-0734

debian
больше 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...

github логотип

GHSA-65fc-r6mj-6v9j

github
больше 3 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

oracle-oval логотип

ELSA-2010-0273

oracle-oval
больше 15 лет назад

ELSA-2010-0273: curl security, bug fix and enhancement update (MODERATE)

EPSS

Процентиль: 89%
0.04759
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264