CVE-2013-2174 Information

Description

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a % (percent) character.

Reference

http://curl.haxx.se/docs/adv_20130622.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0983.html
http://www.debian.org/security/2013/dsa-2713
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/60737
http://www.ubuntu.com/usn/USN-1894-1
https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
