Haxx : Security Vulnerabilities, CVEs, Published In 2015 (Overflow)
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Max CVSS
7.5
EPSS Score
88.13%
Published
2015-04-24
Updated
2018-10-30
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
Max CVSS
9.0
EPSS Score
6.51%
Published
2015-04-24
Updated
2018-10-17
2 vulnerabilities found