[security-alerts] FW: [SA17907] cURL/libcURL URL Parsing Off-By-One Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> cURL/libcURL URL Parsing Off-By-One Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA17907
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17907/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Unknown
> 
> WHERE:
> Local system
> 
> SOFTWARE:
> cURL 7.x
> http://secunia.com/product/4691/
> 
> DESCRIPTION:
> Stefan Esser has reported a vulnerability in cURL/libcURL, which has
> an unknown impact.
> 
> The vulnerability is caused due to an off-by-one error when parsing
> an URL that is longer than 256 bytes. By using a specially crafted
> URL, a two-byte overflow is reportedly possible. This may be
> exploited to corrupt memory allocation structures.  The vulnerability
> is reportedly exploitable only via a direct request to cURL and not
> via a redirect.
> 
> The vulnerability has been reported in version 7.15.0 and prior.
> 
> NOTE: The actual impact of this vulnerability depends on the
> application (e.g. PHP) that uses the cURL library.
> 
> SOLUTION:
> Update to version 7.15.1.
> http://curl.haxx.se/download.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> Stefan Esser, Hardened PHP Project.
> 
> ORIGINAL ADVISORY:
> http://www.hardened-php.net/advisory_242005.109.html
> 
> ----------------------------------------------------------------------