This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability has been discovered and corrected in curl :
libcurl is vulnerable to a case of bad checking of the input data
which may lead to heap corruption. The function curl_easy_unescape()
decodes URL encoded strings to raw binary data. URL encoded octets are
represented with \%HH combinations where HH is a two-digit hexadecimal
number. The decoded string is written to an allocated memory area that
the function returns to the caller (CVE-2013-2174).
The updated packages have been patched to correct this issue.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false