CVE-2025-0725 Information
Feb 06, 2025
cve
Description
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option,
using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
Reference
cve@curl.se
http://www.openwall.com/lists/oss-security/2025/02/05/3
https://curl.se/docs/CVE-2025-0725.html
https://curl.se/docs/CVE-2025-0725.json
https://hackerone.com/reports/2956023