Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
macidn punycode buffer overread
Vulnerability Description
libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libcurl 安全漏洞
Vulnerability Description
libcurl是cURL开源的一个免费且易于使用的客户端 URL 传输库。 libcurl URL API 8.8.0版本存在安全漏洞,该漏洞源于函数curl_url_get()在处理IDN转换时,会读取基于堆栈的缓冲区之外的内容,可能导致堆栈内容意外作为转换后的字符串的一部分返回。
CVSS Information
N/A
Vulnerability Type
N/A