What is the security issue or vulnerability?
/curl/lib/transfer.c
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
Starting from line 495:
if(conn->handler->readwrite &&
(excess > 0 && !conn->bits.stream_was_rewound))
Version
latest
Security issue or vulnerability information
description: https://nvd.nist.gov/vuln/detail/CVE-2018-1000122
commit: curl/curl@d52dc47
Could you apply for another new CVE and fix it?
readwrite: make sure excess reads don't go beyond buffer end
GHSA-8h6f-6774-3wxg
Bug: https://curl.haxx.se/docs/adv_2018-b047.html
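The commit title above describes keeping the excess read inside the buffer. As an added illustration (not curl's code and not part of the original report), here is a simplified model of that kind of bounds check; `rx_state`, `clamp_excess` and `demo` are hypothetical names, and the 64-byte buffer is constructed sample data:

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a receive buffer; these names are not curl's. */
struct rx_state {
  const char *buf;   /* start of the receive buffer */
  size_t buf_size;   /* allocated size of buf */
  size_t pos;        /* offset in buf where the current body starts */
};

/* Return how many of the claimed `excess` bytes that follow a body of
   `nread` bytes may be passed to the next parser without reading past
   buf + buf_size. The claimed length is never trusted on its own. */
size_t clamp_excess(const struct rx_state *k, size_t nread, size_t excess)
{
  size_t room;

  /* Reject states where the body itself would already leave the buffer.
     Written as subtractions so the checks cannot wrap around. */
  if(k->pos > k->buf_size || nread > k->buf_size - k->pos)
    return 0;

  room = k->buf_size - k->pos - nread; /* bytes left after the body */
  return excess < room ? excess : room;
}

/* Constructed sample: 64-byte buffer, body starting at offset 16. */
size_t demo(size_t nread, size_t excess)
{
  static const char sample[64] = {0};
  struct rx_state k = { sample, sizeof(sample), 16 };
  return clamp_excess(&k, nread, excess);
}

int main(void)
{
  /* A 40-byte body leaves 8 bytes; a claimed excess of 100 is cut to 8. */
  printf("claimed 100 -> allowed %zu\n", demo(40, 100));
  /* A claim that fits is passed through unchanged. */
  printf("claimed 5   -> allowed %zu\n", demo(40, 5));
  return 0;
}
```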