CVE-2006-1061
Published 2006-03-21
Priority: P3 · 40 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.83% (88.4th percentile)
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| daniel_stenberg | curl | — | — |
| daniel_stenberg | curl | — | — |
| daniel_stenberg | curl | — | — |
| debian | curl | < curl 7.15.3-1 (bookworm) | curl 7.15.3-1 (bookworm) |
| haxx | curl | >= 0 < 7.15.3-1 | 7.15.3-1 |
| haxx | curl | >= 0 < 7.15.3-1 | 7.15.3-1 |
| haxx | curl | >= 0 < 7.15.3-1 | 7.15.3-1 |
| haxx | curl | >= 0 < 7.15.3-1 | 7.15.3-1 |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
Debian
CVE-2006-1061: curl - Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remo...
vendor_debian·2006·CVSS 7.5
CVE-2006-1061 [HIGH] CVE-2006-1061: curl - Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remo...
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Scope: local
bookworm: resolved (fixed in 7.15.3-1)
bullseye: resolved (fixed in 7.15.3-1)
forky: resolved (fixed in 7.15.3-1)
sid: resolved (fixed in 7.15.3-1)
trixie: resolved (fixed in 7.15.3-1)
GHSA
GHSA-64x8-5wwv-7rw9: Heap-based buffer overflow in cURL and libcURL 7
ghsa_unreviewed·2022-05-01
CVE-2006-1061 [HIGH] GHSA-64x8-5wwv-7rw9: Heap-based buffer overflow in cURL and libcURL 7
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
OSV
CVE-2006-1061: Heap-based buffer overflow in cURL and libcURL 7
osv·2006-03-21·CVSS 7.5
CVE-2006-1061 [HIGH] CVE-2006-1061: Heap-based buffer overflow in cURL and libcURL 7
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
No detection rules found.
No public exploits indexed.
References
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html
http://curl.haxx.se/docs/adv_20060320.html
http://secunia.com/advisories/19271
http://secunia.com/advisories/19335
http://secunia.com/advisories/19344
http://secunia.com/advisories/19371
http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml
http://www.osvdb.org/23982
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html
http://www.securityfocus.com/bid/17154
http://www.trustix.org/errata/2006/0016
http://www.vupen.com/english/advisories/2006/1008
https://exchange.xforce.ibmcloud.com/vulnerabilities/25318
Published: 2006-03-21