Vulnerability Details : CVE-2010-0734
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Vulnerability category: Denial of service
Products affected by CVE-2010-0734
- cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.7:*:*:*:*:*:*:*
- cpe:2.3:a:curl:libcurl:7.19.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0734
EPSS score: 3.93% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~87% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0734
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2010-0734
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0734
- http://secunia.com/advisories/48256
- http://www.vupen.com/english/advisories/2010/0602
- http://www.vupen.com/english/advisories/2010/0571
- http://www.openwall.com/lists/oss-security/2010/03/16/11
  oss-security - Re: CVE Request -- cURL/libCURL 7.20.0 (Patch)
- http://secunia.com/advisories/45047
- http://www.securityfocus.com/archive/1/514490/100/0/threaded
  SecurityFocus
- http://curl.haxx.se/libcurl-contentencoding.patch
  Patch
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
  Repository / Oval Repository
- http://secunia.com/advisories/38843
- http://wiki.rpath.com/Advisories:rPSA-2010-0072
- http://secunia.com/advisories/38981
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
  mandriva.com
- http://support.avaya.com/css/P8/documents/100081819
  ASA-2010-126 (RHSA-2010-0329)
- http://www.openwall.com/lists/oss-security/2010/02/09/5
  oss-security - CVE Request -- cURL/libCURL 7.20.0 (Patch)
- http://secunia.com/advisories/39734
- http://curl.haxx.se/docs/security.html#20100209
  curl - Security Problems (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0329.html
  Support
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
  Apple - Lists.apple.com
- http://curl.haxx.se/docs/adv_20100209.html
  curl - data callback excessive length - CVE-2010-0734 (Vendor Advisory)
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  VMSA-2011-0003.2
- http://www.openwall.com/lists/oss-security/2010/03/09/1
  oss-security - Re: CVE Request -- cURL/libCURL 7.20.0 (Patch)
- http://secunia.com/advisories/40220
- http://www.vupen.com/english/advisories/2010/0660
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
  [SECURITY] Fedora 11 Update: curl-7.19.7-5.fc11
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
  [SECURITY] Fedora 12 Update: curl-7.19.7-7.fc12
- http://security.gentoo.org/glsa/glsa-201203-02.xml
  cURL: Multiple vulnerabilities (GLSA 201203-02) — Gentoo security
- http://www.vupen.com/english/advisories/2010/1481
- http://www.debian.org/security/2010/dsa-2023
  Debian -- Security Information -- DSA-2023-1 curl
- http://secunia.com/advisories/39087
- http://support.apple.com/kb/HT4188
  About the security content of Security Update 2010-004 / Mac OS X v10.6.4 - Apple Support
- http://www.vupen.com/english/advisories/2010/0725
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
  SecurityFocus
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
  Repository / Oval Repository
- http://www.ubuntu.com/usn/USN-1158-1
  USN-1158-1: curl vulnerabilities | Ubuntu security notices
- https://bugzilla.redhat.com/show_bug.cgi?id=563220
  563220 – (CVE-2010-0734) CVE-2010-0734 curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback