CVE-2010-0734: Buffer Overflow
First published: Tue Feb 09 2010(Updated: )
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/curl | <0:7.10.6-11.rhel3 | 0:7.10.6-11.rhel3 |
| redhat/curl | <0:7.12.1-11.1.el4_8.3 | 0:7.12.1-11.1.el4_8.3 |
| redhat/curl | <0:7.15.5-9.el5 | 0:7.15.5-9.el5 |
| libcurl 3 with GnuTLS support | =7.10.5 | |
| libcurl 3 with GnuTLS support | =7.10.6 | |
| libcurl 3 with GnuTLS support | =7.10.7 | |
| libcurl 3 with GnuTLS support | =7.10.8 | |
| libcurl 3 with GnuTLS support | =7.11.0 | |
| libcurl 3 with GnuTLS support | =7.11.1 | |
| libcurl 3 with GnuTLS support | =7.11.2 | |
| libcurl 3 with GnuTLS support | =7.12 | |
| libcurl 3 with GnuTLS support | =7.12.0 | |
| libcurl 3 with GnuTLS support | =7.12.1 | |
| libcurl 3 with GnuTLS support | =7.12.2 | |
| libcurl 3 with GnuTLS support | =7.12.3 | |
| libcurl 3 with GnuTLS support | =7.13 | |
| libcurl 3 with GnuTLS support | =7.13.1 | |
| libcurl 3 with GnuTLS support | =7.13.2 | |
| libcurl 3 with GnuTLS support | =7.14 | |
| libcurl 3 with GnuTLS support | =7.14.1 | |
| libcurl 3 with GnuTLS support | =7.15 | |
| libcurl 3 with GnuTLS support | =7.15.1 | |
| libcurl 3 with GnuTLS support | =7.15.2 | |
| libcurl 3 with GnuTLS support | =7.15.3 | |
| libcurl 3 with GnuTLS support | =7.16.3 | |
| libcurl 3 with GnuTLS support | =7.17.0 | |
| libcurl 3 with GnuTLS support | =7.17.1 | |
| libcurl 3 with GnuTLS support | =7.18.0 | |
| libcurl 3 with GnuTLS support | =7.18.1 | |
| libcurl 3 with GnuTLS support | =7.18.2 | |
| libcurl 3 with GnuTLS support | =7.19.0 | |
| libcurl 3 with GnuTLS support | =7.19.1 | |
| libcurl 3 with GnuTLS support | =7.19.2 | |
| libcurl 3 with GnuTLS support | =7.19.3 | |
| libcurl 3 with GnuTLS support | =7.19.4 | |
| libcurl 3 with GnuTLS support | =7.19.5 | |
| libcurl 3 with GnuTLS support | =7.19.6 | |
| libcurl 3 with GnuTLS support | =7.19.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/03/09/1
- http://www.openwall.com/lists/oss-security/2010/02/09/5
- https://bugzilla.redhat.com/show_bug.cgi?id=563220
- http://curl.haxx.se/libcurl-contentencoding.patch
- http://curl.haxx.se/docs/adv_20100209.html
- http://curl.haxx.se/docs/security.html#20100209
- http://www.openwall.com/lists/oss-security/2010/03/16/11
- http://secunia.com/advisories/38843
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
- http://www.vupen.com/english/advisories/2010/0602
- http://secunia.com/advisories/38981
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
- http://www.vupen.com/english/advisories/2010/0571
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
- http://www.vupen.com/english/advisories/2010/0725
- http://www.vupen.com/english/advisories/2010/0660
- http://www.debian.org/security/2010/dsa-2023
- http://secunia.com/advisories/39087
- http://secunia.com/advisories/39734
- http://www.redhat.com/support/errata/RHSA-2010-0329.html
- http://support.avaya.com/css/P8/documents/100081819
- http://secunia.com/advisories/40220
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://www.vupen.com/english/advisories/2010/1481
- http://support.apple.com/kb/HT4188
- http://wiki.rpath.com/Advisories:rPSA-2010-0072
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.ubuntu.com/usn/USN-1158-1
- http://secunia.com/advisories/45047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
- http://security.gentoo.org/glsa/glsa-201203-02.xml
- http://secunia.com/advisories/48256
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://www.securityfocus.com/archive/1/514490/100/0/threaded
- http://curl.haxx.se/download.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=563220#c0
- http://admin.fedoraproject.org/updates/curl-7.19.7-7.fc12
- http://admin.fedoraproject.org/updates/curl-7.19.7-5.fc11
- https://access.redhat.com/security/cve/CVE-2010-0734
- https://rhn.redhat.com/errata/RHSA-2010-0273.html
- https://rhn.redhat.com/errata/RHSA-2010-0329.html
- https://www.cve.org/CVERecord?id=CVE-2010-0734 https://nvd.nist.gov/vuln/detail/CVE-2010-0734
- https://access.redhat.com/errata/RHSA-2010:0329
- https://access.redhat.com/errata/RHSA-2010:0273
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0734.json
Frequently Asked Questions
What is the severity of CVE-2010-0734?
CVE-2010-0734 has a medium severity level due to potential denial of service vulnerabilities.
How do I fix CVE-2010-0734?
To fix CVE-2010-0734, upgrade libcurl to version 7.10.6 or later for affected versions.
Which versions of libcurl are affected by CVE-2010-0734?
CVE-2010-0734 affects libcurl versions from 7.10.5 through 7.19.7 when zlib is enabled.
What kind of attack can exploit CVE-2010-0734?
Malicious users can exploit CVE-2010-0734 to perform denial of service attacks that may crash the application.
Is the issue in CVE-2010-0734 specific to certain operating systems?
CVE-2010-0734 primarily affects systems using vulnerable versions of libcurl across various operating systems.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0734
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/curl
- canonical/libcurl 3 with gnutls support
- version/libcurl 3 with gnutls support/7.10.5
- version/libcurl 3 with gnutls support/7.10.6
- version/libcurl 3 with gnutls support/7.10.7
- version/libcurl 3 with gnutls support/7.10.8
- version/libcurl 3 with gnutls support/7.11.0
- version/libcurl 3 with gnutls support/7.11.1
- version/libcurl 3 with gnutls support/7.11.2
- version/libcurl 3 with gnutls support/7.12
- version/libcurl 3 with gnutls support/7.12.0
- version/libcurl 3 with gnutls support/7.12.1
- version/libcurl 3 with gnutls support/7.12.2
- version/libcurl 3 with gnutls support/7.12.3
- version/libcurl 3 with gnutls support/7.13
- version/libcurl 3 with gnutls support/7.13.1
- version/libcurl 3 with gnutls support/7.13.2
- version/libcurl 3 with gnutls support/7.14
- version/libcurl 3 with gnutls support/7.14.1
- version/libcurl 3 with gnutls support/7.15
- version/libcurl 3 with gnutls support/7.15.1
- version/libcurl 3 with gnutls support/7.15.2
- version/libcurl 3 with gnutls support/7.15.3
- version/libcurl 3 with gnutls support/7.16.3
- version/libcurl 3 with gnutls support/7.17.0
- version/libcurl 3 with gnutls support/7.17.1
- version/libcurl 3 with gnutls support/7.18.0
- version/libcurl 3 with gnutls support/7.18.1
- version/libcurl 3 with gnutls support/7.18.2
- version/libcurl 3 with gnutls support/7.19.0
- version/libcurl 3 with gnutls support/7.19.1
- version/libcurl 3 with gnutls support/7.19.2
- version/libcurl 3 with gnutls support/7.19.3
- version/libcurl 3 with gnutls support/7.19.4
- version/libcurl 3 with gnutls support/7.19.5
- version/libcurl 3 with gnutls support/7.19.6
- version/libcurl 3 with gnutls support/7.19.7