libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.
This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.
The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.
{ "CWE": { "id": "CWE-122", "desc": "Heap-based Buffer Overflow" }, "package": "curl", "URL": "https://curl.se/docs/CVE-2006-1061.json", "severity": "High", "www": "https://curl.se/docs/CVE-2006-1061.html", "last_affected": "7.15.2" }