CURL-CVE-2006-1061

Source
https://curl.se/docs/CVE-2006-1061.html
Import Source
https://curl.se/docs/CURL-CVE-2006-1061.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2006-1061
Aliases
Published
2006-03-20T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
TFTP Packet Buffer Overflow
Details

libcurl uses the file part of a TFTP URL without a boundary check, which lets a malicious user overflow a heap-based memory buffer.

This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.

The flaw can also be triggered through a redirect: if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above, the same overflow occurs.

Database specific
{
    "CWE": {
        "id": "CWE-122",
        "desc": "Heap-based Buffer Overflow"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2006-1061.json",
    "severity": "High",
    "www": "https://curl.se/docs/CVE-2006-1061.html",
    "last_affected": "7.15.2"
}
References
Credits
    • Ulf Harnhammar - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git /

Affected ranges

Type
SEMVER
Events
Introduced
7.15.0
Fixed
7.15.3

Affected versions

7.*

7.15.0
7.15.1
7.15.2