Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cURL/libcURL ‘Curl_sasl_create_digest_md5_message()’栈缓冲区溢出漏洞
Vulnerability Description
Haxx curl是瑞典Haxx公司的一套利用URL语法在命令行下工作的文件传输工具,该工具支持文件上传和下载,并包含一个用于程序开发的libcurl(客户端URL传输库)。 curl和libcurl 7.26.0至7.28.1版本中的lib/curl_sasl.c中的‘Curl_sasl_create_digest_md5_message’函数中存在基于栈的缓冲区溢出漏洞。当协商SASL DIGEST-MD5身份认证时,通过在(1)POP3(2)SMTP或(3)IMAP消息中的realm参数中加入较长的
CVSS Information
N/A
Vulnerability Type
N/A