curl version curl 7.20.0 to and including curl 7.59.0...
Critical severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
May 24, 2018
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 2, 2023
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
References