
cURL < 7.20.0 CURLOPT_ENCODING Option Buffer Overflow

Medium

Synopsis

The remote host is running a download client that is vulnerable to a buffer overflow attack.

Description

The remote host is running cURL, a download client for various protocols. The installed version of cURL is earlier than 7.20.0. Such versions are potentially affected by a buffer overflow vulnerability when downloading compressed files over HTTP and automatically decompressing the file with the 'CURLOPT_ENCODING' option. This issue only occurs in versions of cURL that are built with zlib enabled.

Solution

Upgrade to cURL 7.20.0 or later.
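
To check a host against the two conditions in the description (version earlier than 7.20.0, and built with zlib), the following added example classifies the text printed by `curl --version`. It is not part of the original advisory or of the cURL project; the function name `classify_curl`, its result strings and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Classify `curl --version` output against the advisory's two conditions:
# version earlier than 7.20.0 AND zlib support compiled in.
# classify_curl is a hypothetical helper name; result strings are our own.
classify_curl() {
    banner=$1
    # First line looks like: "curl 7.19.7 (host-triplet) libcurl/7.19.7 ... zlib/1.2.3"
    ver=$(printf '%s\n' "$banner" |
        sed -n '1s/^curl \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"            # banner did not parse; do not guess
        return 0
    fi
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=$2
    # Fixed release is 7.20.0, so only major and minor decide the outcome.
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 20 ]; }; then
        echo "not-affected"
        return 0
    fi
    # zlib shows up as "zlib/<ver>" on line 1 and as "libz" under Features.
    if printf '%s\n' "$banner" | grep -Eq '^Features:.* libz( |$)| zlib/'; then
        echo "affected"
    else
        echo "old-version-no-zlib"   # still below 7.20.0: upgrade anyway
    fi
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_OLD_ZLIB='curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3
Protocols: tftp ftp telnet dict http file https ftps
Features: IPv6 Largefile NTLM SSL libz'
SAMPLE_OLD_NOZLIB='curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k
Protocols: tftp ftp telnet dict http file https ftps
Features: IPv6 Largefile NTLM SSL'
SAMPLE_FIXED='curl 7.20.0 (x86_64-pc-linux-gnu) libcurl/7.20.0 OpenSSL/0.9.8k zlib/1.2.3
Protocols: tftp ftp telnet dict http file https ftps
Features: IPv6 Largefile NTLM SSL libz'

for s in "$SAMPLE_OLD_ZLIB" "$SAMPLE_OLD_NOZLIB" "$SAMPLE_FIXED"; do
    classify_curl "$s"
done
# On a live host: classify_curl "$(curl --version)"
```

The check reads only the version banner, so it reports what the installed binary claims about itself and does not exercise the decompression path.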