CVE-2013-2174 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Curl
Severity
6.8 MEDIUM (NVD)
EPSS
3.2%
top 13.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 31
Latest update: May 14
Description
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 4 packages
Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 5, 6.0
Vulnerability Details (3)
GHSA: GHSA-98vv-mx5c-xg6c: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape (2022-05-14)
CVEList: CVE-2013-2174: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape (2013-07-31)
OSV: CVE-2013-2174: Heap-based buffer overflow in the curl_easy_unescape function in lib/escape (2013-07-31)
Vendor Advisories (3)
Community (3)
Bugzilla: CVE-2013-2174 curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs [fedora-all] (2013-06-26)
Bugzilla: CVE-2013-2174 curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs [epel-5] (2013-06-26)
Bugzilla: CVE-2013-2174 curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs (2013-05-21)