GLSA-201807-04 : cURL: Heap-based Buffer Overflow
Medium Nessus Plugin ID 111412
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201807-04 (cURL: Heap-based Buffer Overflow).
A heap-based buffer overflow was discovered in cURL’s Curl_smtp_escape_eob() function.
An attacker could cause a Denial of Service condition or execute arbitrary code via SMTP connections.
There is no known workaround at this time.
Solution
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/curl-7.61.0'