This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The cURL project reports :
The four libcurl functions curl_escape(), curl_easy_escape(),
curl_unescape and curl_easy_unescape perform string URL percent
escaping and unescaping. They accept custom string length inputs in
signed integer arguments.
The provided string length arguments were not properly checked and due
to arithmetic in the functions, passing in the length 0xffffffff
(2^32-1 or UINT_MAX or even just -1) would end up causing an
allocation of zero bytes of heap memory that curl would attempt to
write gigabytes of data into.
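
The length arithmetic the report describes, as an added C example that is not libcurl source and not part of the cURL project's report. The function names and the "length plus one terminator byte" allocation shape are assumptions made for illustration; the code only computes sizes, without and with a sign check, and never allocates or writes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern (assumed shape): a signed length is converted to
 * size_t and one byte is added for the NUL terminator. A length of 0
 * means "use strlen()", as the libcurl escape functions document. */
size_t alloc_size_unchecked(const char *s, int length)
{
    size_t n = length ? (size_t)length : strlen(s);
    return n + 1; /* (size_t)-1 is SIZE_MAX, so this wraps to 0 */
}

/* Hardened pattern: reject negative lengths before any arithmetic.
 * Returns 0 and stores the size in *out, or -1 with *out untouched. */
int alloc_size_checked(const char *s, int length, size_t *out)
{
    size_t n;

    if (length < 0)
        return -1;
    n = length ? (size_t)length : strlen(s);
    if (n > SIZE_MAX - 1)
        return -1;
    *out = n + 1;
    return 0;
}

int main(void)
{
    const char *sample = "a b&c"; /* constructed sample input */
    size_t checked = 0;

    printf("unchecked, length -1: %zu bytes\n",
           alloc_size_unchecked(sample, -1));
    printf("checked,   length -1: rc=%d\n",
           alloc_size_checked(sample, -1, &checked));
    if (alloc_size_checked(sample, 0, &checked) == 0)
        printf("checked,   length  0: %zu bytes\n", checked);
    return 0;
}
```

Callers that derive the length from untrusted or computed values can apply the same sign check before calling the escape functions on hosts that have not yet been updated.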
Update the affected package.
Risk factor : High / CVSS Base Score : 7.5