Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cURL/libcURL ‘curl_easy_unescape()’堆内存破坏漏洞
Vulnerability Description
Haxx curl是瑞典Haxx公司的一套利用URL语法在命令行下工作的文件传输工具,该工具支持文件上传和下载,并包含一个用于程序开发的libcurl(客户端URL传输库)。 cURL和libcurl 7.7至7.30.0版本中的lib/escape.c文件中的‘curl_easy_unescape’函数中存在基于堆的缓冲区溢出漏洞。远程攻击者可通过以%字符结尾的字符串,利用该漏洞造成拒绝服务(应用程序崩溃)或可能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A