
cURL < 7.20.0 CURLOPT_ENCODING Option Buffer Overflow

Medium

Synopsis

The remote host is running a download client that is vulnerable to a buffer overflow attack.

Description

The remote host is running cURL, a download client for various protocols. The installed version of cURL is earlier than 7.20.0. Such versions are potentially affected by a buffer overflow vulnerability when downloading compressed files over HTTP and automatically decompressing the file with the 'CURLOPT_ENCODING' option. This issue only occurs in versions of cURL that are built with zlib enabled.

Solution

Upgrade to cURL 7.20.0 or later.
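
To confirm whether a host meets both conditions in the description (a version earlier than 7.20.0 and zlib support compiled in), the following added example, which is not part of the original advisory, classifies the text printed by `curl --version`. The function names, status strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify `curl --version` text against this advisory's condition:
# libcurl earlier than 7.20.0 AND built with zlib. Names here are illustrative.

# version_lt A B: succeed when dotted version A is numerically lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# classify_curl TEXT: print affected | old-version-no-zlib | fixed-version | unknown
classify_curl() {
    out=$1
    # The libcurl/<version> token on the first line names the library in use.
    ver=$(printf '%s\n' "$out" | sed -n '1s/.*libcurl\/\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    if ! version_lt "$ver" 7.20.0; then
        echo fixed-version; return 0
    fi
    # zlib shows up as "libz" on the Features line or "zlib/<ver>" on line 1.
    if printf '%s\n' "$out" |
        grep -Eq '^Features:.*[[:space:]]libz([[:space:]]|$)|zlib/[0-9]'; then
        echo affected; return 0
    fi
    echo old-version-no-zlib
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_OLD_ZLIB='curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3
Protocols: ftp http https
Features: IPv6 Largefile NTLM SSL libz'
SAMPLE_OLD_NOZLIB='curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k
Protocols: ftp http https
Features: IPv6 Largefile NTLM SSL'
SAMPLE_FIXED='curl 7.20.0 (x86_64-pc-linux-gnu) libcurl/7.20.0 OpenSSL/0.9.8k zlib/1.2.3
Protocols: ftp http https
Features: IPv6 Largefile NTLM SSL libz'

for s in "$SAMPLE_OLD_ZLIB" "$SAMPLE_OLD_NOZLIB" "$SAMPLE_FIXED"; do
    classify_curl "$s"
done
```

On a real host, pass the live output instead of a sample: `classify_curl "$(curl --version)"`.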