Red Hat Bugzilla – Bug 175191
CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability
Last modified: 2007-11-30 17:11:18 EST
'Stefan Esser has reported a vulnerability in cURL/libcURL, which has an unknown
'The vulnerability is caused due to an off-by-one error when parsing an URL that
is longer than 256 bytes. By using a specially crafted URL, a two-byte overflow
is reportedly possible. This may be exploited to corrupt memory allocation
structures. The vulnerability is reportedly exploitable only via a direct
request to cURL and not via a redirect.'
'The vulnerability has been reported in version 7.15.0 and prior.'
Thank you for your bug report.
There is the latest upstream version curl-7.15.1-1 in the devel branch now which
is fixes this problem.