Ops One AG

You can subscribe via RSS

Friday 1st December 2017

Debian 7 Updates: curl libcurl3, scheduled 2 years ago

Package : curl
Version : 7.26.0-1+wheezy23
CVE ID : CVE-2017-8817


Fuzzing by the OSS-Fuzz project led to the discovery of a read out of
bounds flaw in the FTP wildcard function in libcurl. A malicious
server could redirect a libcurl-based client to an URL using a
wildcard pattern, triggering the out-of-bound read.