Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Haxx cURL和libcurl 拒绝服务漏洞
Vulnerability Description
Haxx curl和libcurl都是瑞典Haxx公司的产品。curl是一套利用URL语法在命令行下工作的文件传输工具。libcurl是一个免费、开源的客户端URL传输库。 Haxx cURL和libcurl 7.31.0版本至7.41.0版本的‘sanitize_cookie_path’函数中存在安全漏洞,该漏洞源于程序没有正确计算索引。远程攻击者可借助只有双引号字符的cookie路径利用该漏洞造成拒绝服务(越边界写入和崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A