Red Hat Bugzilla – Bug 1461321
CVE-2017-9502 curl: URL file scheme drive letter buffer overflow
Last modified: 2017-06-15 13:00:31 EDT
When libcurl is given either
1. a file: URL that doesn't use two slashes following the colon, or
2. is told that file is the default scheme to use for URLs without scheme
... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path with a wrong offset, so that the end of the given path would write beyond the malloc buffer. Up to seven bytes too much.
Affected versions: libcurl 7.53.0 to and including 7.54.0
NOTABUG because it only affects Windows/DOS builds (including Cygwin).
I would assume MinGW is affected. I'll push a Fedora update soon.
(In reply to Michael Cronenworth from comment #2)
> I would assume MinGW is affected. I'll push a Fedora update soon.
I see mingw-curl 7.47.0 in Fedora 24 (can't find build for 25), which should not be vulnerable according to upstream advisory. Fedora 26 currently has 7.53.1 which is vulnerable.
Updates pushed. Thanks.
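
The triage done in this thread (affected libcurl range plus a Windows/DOS build) can be scripted against the first line of `curl --version`. This is an added example, not part of the bug report or of curl; the host-triplet markers and the sample banners are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the bug description: libcurl 7.53.0 through 7.54.0.
AFFECTED_MIN = (7, 53, 0)
AFFECTED_MAX = (7, 54, 0)

# Assumption: substrings of the build host triplet that indicate a Windows,
# Cygwin or DOS build. Extend this for the toolchains you actually ship.
WINDOWS_DOS_MARKERS = ("mingw", "cygwin", "win32", "windows", "msdos", "djgpp")

# First line of `curl --version`: "curl <ver> (<host>) libcurl/<ver> ..."
BANNER_RE = re.compile(
    r"^curl\s+\S+\s+\(([^)]*)\)\s+libcurl/(\d+)\.(\d+)\.(\d+)"
)


def parse_banner(banner):
    """Return ((major, minor, patch), host) for the libcurl in the banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("unrecognised curl banner: %r" % banner)
    version = tuple(int(x) for x in m.group(2, 3, 4))
    return version, m.group(1).lower()


def triage(banner):
    """Classify one build against the CVE-2017-9502 conditions on this page."""
    version, host = parse_banner(banner)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    win_dos = any(marker in host for marker in WINDOWS_DOS_MARKERS)
    if in_range and win_dos:
        return "affected"
    if in_range:
        return "version in range, platform not affected"
    return "not affected"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real systems.
    samples = [
        "curl 7.53.1 (x86_64-w64-mingw32) libcurl/7.53.1 OpenSSL/1.0.2k",
        "curl 7.47.0 (i686-w64-mingw32) libcurl/7.47.0 OpenSSL/1.0.2h",
        "curl 7.53.1 (x86_64-redhat-linux-gnu) libcurl/7.53.1 NSS/3.30",
    ]
    for line in samples:
        print(triage(line), "<-", line)
```

The check reads the libcurl version rather than the tool version, since the flaw is in the library; a distribution may also backport the fix without changing the version, so treat "affected" as a prompt to check the package changelog.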