CVE-2013-2174: Buffer Overflow
First published: Wed Jul 31 2013(Updated: )
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| haxx curl | =7.7 | |
| haxx curl | =7.7.1 | |
| haxx curl | =7.7.2 | |
| haxx curl | =7.7.3 | |
| haxx curl | =7.8 | |
| haxx curl | =7.8.1 | |
| haxx curl | =7.9 | |
| haxx curl | =7.9.1 | |
| haxx curl | =7.9.2 | |
| haxx curl | =7.9.3 | |
| haxx curl | =7.9.4 | |
| haxx curl | =7.9.5 | |
| haxx curl | =7.9.6 | |
| haxx curl | =7.9.7 | |
| haxx curl | =7.9.8 | |
| haxx curl | =7.10 | |
| haxx curl | =7.10.1 | |
| haxx curl | =7.10.2 | |
| haxx curl | =7.10.3 | |
| haxx curl | =7.10.4 | |
| haxx curl | =7.10.5 | |
| haxx curl | =7.10.6 | |
| haxx curl | =7.10.7 | |
| haxx curl | =7.10.8 | |
| haxx curl | =7.11.0 | |
| haxx curl | =7.11.1 | |
| haxx curl | =7.11.2 | |
| haxx curl | =7.12.0 | |
| haxx curl | =7.12.1 | |
| haxx curl | =7.12.2 | |
| haxx curl | =7.12.3 | |
| haxx curl | =7.13.0 | |
| haxx curl | =7.13.1 | |
| haxx curl | =7.13.2 | |
| haxx curl | =7.14.0 | |
| haxx curl | =7.14.1 | |
| haxx curl | =7.15.0 | |
| haxx curl | =7.15.1 | |
| haxx curl | =7.15.2 | |
| haxx curl | =7.15.3 | |
| haxx curl | =7.15.4 | |
| haxx curl | =7.15.5 | |
| haxx curl | =7.16.0 | |
| haxx curl | =7.16.1 | |
| haxx curl | =7.16.2 | |
| haxx curl | =7.16.3 | |
| haxx curl | =7.16.4 | |
| haxx curl | =7.17.0 | |
| haxx curl | =7.17.1 | |
| haxx curl | =7.18.0 | |
| haxx curl | =7.18.1 | |
| haxx curl | =7.18.2 | |
| haxx curl | =7.19.0 | |
| haxx curl | =7.19.1 | |
| haxx curl | =7.19.2 | |
| haxx curl | =7.19.3 | |
| haxx curl | =7.19.4 | |
| haxx curl | =7.19.5 | |
| haxx curl | =7.19.6 | |
| haxx curl | =7.19.7 | |
| haxx curl | =7.20.0 | |
| haxx curl | =7.20.1 | |
| haxx curl | =7.21.0 | |
| haxx curl | =7.21.1 | |
| haxx curl | =7.21.2 | |
| haxx curl | =7.21.3 | |
| haxx curl | =7.21.4 | |
| haxx curl | =7.21.5 | |
| haxx curl | =7.21.6 | |
| haxx curl | =7.21.7 | |
| haxx curl | =7.22.0 | |
| haxx curl | =7.23.0 | |
| haxx curl | =7.23.1 | |
| haxx curl | =7.24.0 | |
| haxx curl | =7.25.0 | |
| haxx curl | =7.26.0 | |
| haxx curl | =7.27.0 | |
| haxx curl | =7.28.0 | |
| haxx curl | =7.28.1 | |
| haxx curl | =7.29.0 | |
| haxx curl | =7.30.0 | |
| haxx libcurl | =7.7 | |
| haxx libcurl | =7.7.1 | |
| haxx libcurl | =7.7.2 | |
| haxx libcurl | =7.7.3 | |
| haxx libcurl | =7.8 | |
| haxx libcurl | =7.8.1 | |
| haxx libcurl | =7.9 | |
| haxx libcurl | =7.9.1 | |
| haxx libcurl | =7.9.2 | |
| haxx libcurl | =7.9.3 | |
| haxx libcurl | =7.9.4 | |
| haxx libcurl | =7.9.5 | |
| haxx libcurl | =7.9.6 | |
| haxx libcurl | =7.9.7 | |
| haxx libcurl | =7.9.8 | |
| haxx libcurl | =7.10 | |
| haxx libcurl | =7.10.1 | |
| haxx libcurl | =7.10.2 | |
| haxx libcurl | =7.10.3 | |
| haxx libcurl | =7.10.4 | |
| haxx libcurl | =7.10.5 | |
| haxx libcurl | =7.10.6 | |
| haxx libcurl | =7.10.7 | |
| haxx libcurl | =7.10.8 | |
| haxx libcurl | =7.11.0 | |
| haxx libcurl | =7.11.1 | |
| haxx libcurl | =7.11.2 | |
| haxx libcurl | =7.12.0 | |
| haxx libcurl | =7.12.1 | |
| haxx libcurl | =7.12.2 | |
| haxx libcurl | =7.12.3 | |
| haxx libcurl | =7.13.0 | |
| haxx libcurl | =7.13.1 | |
| haxx libcurl | =7.13.2 | |
| haxx libcurl | =7.14.0 | |
| haxx libcurl | =7.14.1 | |
| haxx libcurl | =7.15.0 | |
| haxx libcurl | =7.15.1 | |
| haxx libcurl | =7.15.2 | |
| haxx libcurl | =7.15.3 | |
| haxx libcurl | =7.15.4 | |
| haxx libcurl | =7.15.5 | |
| haxx libcurl | =7.16.0 | |
| haxx libcurl | =7.16.1 | |
| haxx libcurl | =7.16.2 | |
| haxx libcurl | =7.16.3 | |
| haxx libcurl | =7.16.4 | |
| haxx libcurl | =7.17.0 | |
| haxx libcurl | =7.17.1 | |
| haxx libcurl | =7.18.0 | |
| haxx libcurl | =7.18.1 | |
| haxx libcurl | =7.18.2 | |
| haxx libcurl | =7.19.0 | |
| haxx libcurl | =7.19.1 | |
| haxx libcurl | =7.19.2 | |
| haxx libcurl | =7.19.3 | |
| haxx libcurl | =7.19.4 | |
| haxx libcurl | =7.19.5 | |
| haxx libcurl | =7.19.6 | |
| haxx libcurl | =7.19.7 | |
| haxx libcurl | =7.20.0 | |
| haxx libcurl | =7.20.1 | |
| haxx libcurl | =7.21.0 | |
| haxx libcurl | =7.21.1 | |
| haxx libcurl | =7.21.2 | |
| haxx libcurl | =7.21.3 | |
| haxx libcurl | =7.21.4 | |
| haxx libcurl | =7.21.5 | |
| haxx libcurl | =7.21.6 | |
| haxx libcurl | =7.21.7 | |
| haxx libcurl | =7.22.0 | |
| haxx libcurl | =7.23.0 | |
| haxx libcurl | =7.23.1 | |
| haxx libcurl | =7.24.0 | |
| haxx libcurl | =7.25.0 | |
| haxx libcurl | =7.26.0 | |
| haxx libcurl | =7.27.0 | |
| haxx libcurl | =7.28.0 | |
| haxx libcurl | =7.28.1 | |
| haxx libcurl | =7.29.0 | |
| haxx libcurl | =7.30.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Ubuntu Linux | =13.04 | |
| openSUSE | =11.4 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://curl.haxx.se/docs/adv_20130622.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-0983.html
- http://www.debian.org/security/2013/dsa-2713
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/60737
- http://www.ubuntu.com/usn/USN-1894-1
- https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
Frequently Asked Questions
What is the severity of CVE-2013-2174?
CVE-2013-2174 is rated as critical due to its potential for remote code execution and denial of service.
How do I fix CVE-2013-2174?
To fix CVE-2013-2174, upgrade to a version of cURL or libcurl that is 7.31.0 or later.
What devices are affected by CVE-2013-2174?
CVE-2013-2174 affects cURL and libcurl versions 7.7 through 7.30.0 across various operating systems.
What kind of attack is CVE-2013-2174 associated with?
CVE-2013-2174 is associated with heap-based buffer overflow attacks that can lead to application crashes or arbitrary code execution.
Is my system vulnerable to CVE-2013-2174?
If your system is running any version of cURL or libcurl from 7.7 to 7.30.0, it is vulnerable to CVE-2013-2174.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/haxx
- canonical/haxx curl
- version/haxx curl/7.7
- version/haxx curl/7.7.1
- version/haxx curl/7.7.2
- version/haxx curl/7.7.3
- version/haxx curl/7.8
- version/haxx curl/7.8.1
- version/haxx curl/7.9
- version/haxx curl/7.9.1
- version/haxx curl/7.9.2
- version/haxx curl/7.9.3
- version/haxx curl/7.9.4
- version/haxx curl/7.9.5
- version/haxx curl/7.9.6
- version/haxx curl/7.9.7
- version/haxx curl/7.9.8
- version/haxx curl/7.10
- version/haxx curl/7.10.1
- version/haxx curl/7.10.2
- version/haxx curl/7.10.3
- version/haxx curl/7.10.4
- version/haxx curl/7.10.5
- version/haxx curl/7.10.6
- version/haxx curl/7.10.7
- version/haxx curl/7.10.8
- version/haxx curl/7.11.0
- version/haxx curl/7.11.1
- version/haxx curl/7.11.2
- version/haxx curl/7.12.0
- version/haxx curl/7.12.1
- version/haxx curl/7.12.2
- version/haxx curl/7.12.3
- version/haxx curl/7.13.0
- version/haxx curl/7.13.1
- version/haxx curl/7.13.2
- version/haxx curl/7.14.0
- version/haxx curl/7.14.1
- version/haxx curl/7.15.0
- version/haxx curl/7.15.1
- version/haxx curl/7.15.2
- version/haxx curl/7.15.3
- version/haxx curl/7.15.4
- version/haxx curl/7.15.5
- version/haxx curl/7.16.0
- version/haxx curl/7.16.1
- version/haxx curl/7.16.2
- version/haxx curl/7.16.3
- version/haxx curl/7.16.4
- version/haxx curl/7.17.0
- version/haxx curl/7.17.1
- version/haxx curl/7.18.0
- version/haxx curl/7.18.1
- version/haxx curl/7.18.2
- version/haxx curl/7.19.0
- version/haxx curl/7.19.1
- version/haxx curl/7.19.2
- version/haxx curl/7.19.3
- version/haxx curl/7.19.4
- version/haxx curl/7.19.5
- version/haxx curl/7.19.6
- version/haxx curl/7.19.7
- version/haxx curl/7.20.0
- version/haxx curl/7.20.1
- version/haxx curl/7.21.0
- version/haxx curl/7.21.1
- version/haxx curl/7.21.2
- version/haxx curl/7.21.3
- version/haxx curl/7.21.4
- version/haxx curl/7.21.5
- version/haxx curl/7.21.6
- version/haxx curl/7.21.7
- version/haxx curl/7.22.0
- version/haxx curl/7.23.0
- version/haxx curl/7.23.1
- version/haxx curl/7.24.0
- version/haxx curl/7.25.0
- version/haxx curl/7.26.0
- version/haxx curl/7.27.0
- version/haxx curl/7.28.0
- version/haxx curl/7.28.1
- version/haxx curl/7.29.0
- version/haxx curl/7.30.0
- canonical/haxx libcurl
- version/haxx libcurl/7.7
- version/haxx libcurl/7.7.1
- version/haxx libcurl/7.7.2
- version/haxx libcurl/7.7.3
- version/haxx libcurl/7.8
- version/haxx libcurl/7.8.1
- version/haxx libcurl/7.9
- version/haxx libcurl/7.9.1
- version/haxx libcurl/7.9.2
- version/haxx libcurl/7.9.3
- version/haxx libcurl/7.9.4
- version/haxx libcurl/7.9.5
- version/haxx libcurl/7.9.6
- version/haxx libcurl/7.9.7
- version/haxx libcurl/7.9.8
- version/haxx libcurl/7.10
- version/haxx libcurl/7.10.1
- version/haxx libcurl/7.10.2
- version/haxx libcurl/7.10.3
- version/haxx libcurl/7.10.4
- version/haxx libcurl/7.10.5
- version/haxx libcurl/7.10.6
- version/haxx libcurl/7.10.7
- version/haxx libcurl/7.10.8
- version/haxx libcurl/7.11.0
- version/haxx libcurl/7.11.1
- version/haxx libcurl/7.11.2
- version/haxx libcurl/7.12.0
- version/haxx libcurl/7.12.1
- version/haxx libcurl/7.12.2
- version/haxx libcurl/7.12.3
- version/haxx libcurl/7.13.0
- version/haxx libcurl/7.13.1
- version/haxx libcurl/7.13.2
- version/haxx libcurl/7.14.0
- version/haxx libcurl/7.14.1
- version/haxx libcurl/7.15.0
- version/haxx libcurl/7.15.1
- version/haxx libcurl/7.15.2
- version/haxx libcurl/7.15.3
- version/haxx libcurl/7.15.4
- version/haxx libcurl/7.15.5
- version/haxx libcurl/7.16.0
- version/haxx libcurl/7.16.1
- version/haxx libcurl/7.16.2
- version/haxx libcurl/7.16.3
- version/haxx libcurl/7.16.4
- version/haxx libcurl/7.17.0
- version/haxx libcurl/7.17.1
- version/haxx libcurl/7.18.0
- version/haxx libcurl/7.18.1
- version/haxx libcurl/7.18.2
- version/haxx libcurl/7.19.0
- version/haxx libcurl/7.19.1
- version/haxx libcurl/7.19.2
- version/haxx libcurl/7.19.3
- version/haxx libcurl/7.19.4
- version/haxx libcurl/7.19.5
- version/haxx libcurl/7.19.6
- version/haxx libcurl/7.19.7
- version/haxx libcurl/7.20.0
- version/haxx libcurl/7.20.1
- version/haxx libcurl/7.21.0
- version/haxx libcurl/7.21.1
- version/haxx libcurl/7.21.2
- version/haxx libcurl/7.21.3
- version/haxx libcurl/7.21.4
- version/haxx libcurl/7.21.5
- version/haxx libcurl/7.21.6
- version/haxx libcurl/7.21.7
- version/haxx libcurl/7.22.0
- version/haxx libcurl/7.23.0
- version/haxx libcurl/7.23.1
- version/haxx libcurl/7.24.0
- version/haxx libcurl/7.25.0
- version/haxx libcurl/7.26.0
- version/haxx libcurl/7.27.0
- version/haxx libcurl/7.28.0
- version/haxx libcurl/7.28.1
- version/haxx libcurl/7.29.0
- version/haxx libcurl/7.30.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- version/ubuntu linux/13.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/6.0