Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Software | From | Fixed in |
---|---|---|
daniel_stenberg / curl | 7.11.2 | 7.11.2.x |
daniel_stenberg / curl | 7.12 | 7.12.x |
daniel_stenberg / curl | 7.12.1 | 7.12.1.x |
daniel_stenberg / curl | 7.12.2 | 7.12.2.x |
daniel_stenberg / curl | 7.12.3 | 7.12.3.x |
daniel_stenberg / curl | 7.13 | 7.13.x |
daniel_stenberg / curl | 7.13.1 | 7.13.1.x |
daniel_stenberg / curl | 7.13.2 | 7.13.2.x |
daniel_stenberg / curl | 7.14 | 7.14.x |
daniel_stenberg / curl | 7.14.1 | 7.14.1.x |
daniel_stenberg / curl | 7.15 | 7.15.x |