CVE-2010-0734
Published: 2010-03-19
Priority: P4 · 28 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 5.48% (90.5th percentile)
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | libcurl | — | — |
CVSS provenance
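| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | 6.8 | MEDIUM | |
| vendor_ubuntu | 7.5 | HIGH | |
| vendor_debian | 6.8 | LOW | |
| vendor_redhat | 6.8 | MEDIUM | |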
VulDB
libcURL up to 7.19.7 content_encoding.c access control (Nessus ID 68025 / ID 216009)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-0734 [MEDIUM] libcURL up to 7.19.7 content_encoding.c access control (Nessus ID 68025 / ID 216009)
A vulnerability labeled as problematic has been found in libcURL. Affected by this vulnerability is an unknown functionality of the file content_encoding.c. The manipulation results in improper access controls.
This vulnerability is reported as CVE-2010-0734. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
GHSA
GHSA-65fc-r6mj-6v9j: content_encoding
ghsa_unreviewed·2022-05-02
CVE-2010-0734 [MEDIUM] GHSA-65fc-r6mj-6v9j: content_encoding
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
OSV
CVE-2010-0734: content_encoding
osv·2010-03-19·CVSS 6.8
CVE-2010-0734 [MEDIUM] CVE-2010-0734: content_encoding
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Ubuntu
curl vulnerabilities
vendor_ubuntu·2011-06-24·CVSS 7.5
CVE-2009-2417 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Multiple vulnerabilities in curl.
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. (CVE-2011-2192)

Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount of callback data sent to an application that requests automatic decompression. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. This issue only affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. (CVE-2010-0734)

USN 818-1 fixed an issue with curl's handling of SSL certificates with zero bytes in the Common Name. Due to a
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
Red Hat
curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
vendor_redhat·2010-02-09·CVSS 6.8
CVE-2010-0734 [MEDIUM] curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
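A write callback that does not rely on the data-length limit described above, as an added example that is not code from curl or from any advisory on this page. `body_sink`, `bounded_write_cb`, `ASSUMED_MAX_WRITE_SIZE` and the `demo_*` helpers are hypothetical names, and the value 16384 is assumed to match libcurl's default `CURL_MAX_WRITE_SIZE`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: same value as libcurl's default CURL_MAX_WRITE_SIZE, defined
   locally so the example builds without the curl headers. */
#define ASSUMED_MAX_WRITE_SIZE 16384

/* Hypothetical application sink: fixed buffer, fill count, rejection flag. */
struct body_sink {
    char   data[2 * ASSUMED_MAX_WRITE_SIZE];
    size_t used;
    int    rejected;
};

/* Same signature as a CURLOPT_WRITEFUNCTION callback. The length of each
   delivery is checked against the space actually left in the sink, never
   against an assumed per-call maximum. */
size_t bounded_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct body_sink *sink = userdata;
    if (size != 0 && nmemb > SIZE_MAX / size) {   /* size * nmemb would wrap */
        sink->rejected = 1;
        return 0;
    }
    size_t len = size * nmemb;
    if (len > sizeof sink->data - sink->used) {   /* more than we can hold */
        sink->rejected = 1;
        return 0;   /* a return != len makes libcurl abort the transfer */
    }
    memcpy(sink->data + sink->used, ptr, len);
    sink->used += len;
    return len;
}

/* Constructed stand-in for libcurl: hands the callback `len` bytes in one
   call, which may exceed ASSUMED_MAX_WRITE_SIZE as in the affected versions. */
static struct body_sink demo_sink;
static char demo_chunk[8 * ASSUMED_MAX_WRITE_SIZE];

size_t simulate_delivery(size_t len)   /* len must be <= sizeof demo_chunk */
{
    return bounded_write_cb(demo_chunk, 1, len, &demo_sink);
}

size_t demo_used(void)     { return demo_sink.used; }
int    demo_rejected(void) { return demo_sink.rejected; }
```

In a real application the callback would be registered with `CURLOPT_WRITEFUNCTION` and the sink passed through `CURLOPT_WRITEDATA`.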
Debian
CVE-2010-0734: curl - content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does ...
vendor_debian·2010·CVSS 6.8
CVE-2010-0734 [MEDIUM] CVE-2010-0734: curl - content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does ...
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Scope: local
bookworm: resolved (fixed in 7.20.0-1)
bullseye: resolved (fixed in 7.20.0-1)
forky: resolved (fixed in 7.20.0-1)
sid: resolved (fixed in 7.20.0-1)
trixie: resolved (fixed in 7.20.0-1)
No detection rules found.
No public exploits indexed.