
cURL/libcURL 'Curl_sasl_create_digest_md5_message()' Stack Buffer Overflow Vulnerability

Medium

Synopsis

cURL is a library and command-line tool for transferring data using various protocols, including HTTP, FTP, and LDAP. A vulnerable version of cURL was detected on the host.

Description

A stack buffer overflow exists because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker could exploit this issue to execute arbitrary code in the context of the affected application. (CVE-2013-2174)

Affected versions include 7.26.0 through 7.28.1.

Solution

Upgrade the affected packages; the issue is fixed in cURL 7.29.0.