Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://").
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Haxx curl for Windows和DOS 安全漏洞
Vulnerability Description
Haxx curl for Windows和DOS是是瑞典Haxx公司的一套基于Windows和DOS平台的利用URL语法在命令行下工作的文件传输工具,该工具支持文件上传和下载,并包含一个用于程序开发的libcurl(客户端URL传输库)。 基于Windows和DOS平台的curl 7.54.1之前的版本中的‘libcurl's default protocol’函数存在安全漏洞。攻击者可利用该漏洞覆盖基于堆的内存缓冲区。
CVSS Information
N/A
Vulnerability Type
N/A