CURL-CVE-2006-1061

See a problem?

Source

https://curl.se/docs/CVE-2006-1061.html

Import Source

https://curl.se/docs/CURL-CVE-2006-1061.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2006-1061

Aliases

CVE-2006-1061

Published

2006-03-20T08:00:00Z

Modified

2024-06-07T13:53:51Z

Summary

TFTP Packet Buffer Overflow

Details

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.

This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.

The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.

References

Credits

- Ulf Harnhammar - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git /

Affected ranges

Type: SEMVER
Events: Introduced

7.15.0

Fixed

7.15.3

Affected versions

7.*

7.15.0

7.15.1

7.15.2