cURL < 7.20.0 CURLOPT_ENCODING Option Buffer Overflow
Medium Nessus Network Monitor Plugin ID 5335
Synopsis: The remote host is running a download client that is vulnerable to a buffer overflow attack.
Description: The remote host is running cURL, a download client for various protocols. The installed version of cURL is earlier than 7.20.0. Such versions are potentially affected by a buffer overflow vulnerability when downloading compressed files over HTTP and automatically decompressing the file with the 'CURLOPT_ENCODING' option. This issue only occurs in versions of cURL that are built with zlib enabled.
Solution: Upgrade to cURL 7.20.0 or later.