curl: denial-of-service Vulnerability

Users of curl please be advised of a denial-of-service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

rPSA-2010-0072-1: [rPSA-2010-0072-1] curl denial-of-service
Description:

Previous versions of curl do not properly restrict the amount of

callback data sent to an application that requests automatic

decompression, which might allow remote attackers to cause a denial

of service (application crash) or have unspecified other impact by

sending crafted compressed data to an application that relies on the

intended data-length limit. This has been fixed.
Read more at http://www.criticalwatch.com
 

Advertisements