When downloading data, libcurl hands it over to the application using a
callback that is registered by the client software. libcurl then calls that
function repeatedly with data until the transfer is complete. The callback is
documented to receive a maximum data size of 16K (CURL_MAX_WRITE_SIZE).
Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback, which is thus much larger than the documented maximum size. An application that blindly trusts libcurl's maximum limit when sizing a fixed buffer or similar is then a possible target for a buffer overflow vulnerability.
This error is only present in zlib-enabled builds of libcurl and only if automatic decompression has been explicitly enabled by the application - it is disabled by default.
We have not found any libcurl client software that is vulnerable to this flaw - but we acknowledge that there may still be vulnerable software in existence.
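The defensive pattern this advisory implies is a write callback that never sizes its copy by the documented CURL_MAX_WRITE_SIZE but by the space that actually remains. Below is an added example, not code from the curl project: it uses the callback signature libcurl documents for CURLOPT_WRITEFUNCTION, but defines its own local 16K constant and a simulated driver (`deliver_chunk`) that hands the callback a constructed 64K block, so it builds without libcurl. Returning anything other than `size*nmemb` from the callback is libcurl's documented way to abort the transfer (CURLE_WRITE_ERROR), which is what the hardened callback does instead of overflowing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for libcurl's documented ceiling (CURL_MAX_WRITE_SIZE,
 * 16K). Defined locally so this example builds without curl/curl.h. */
#define DOCUMENTED_MAX_WRITE 16384

/* Fixed-size sink: the kind of buffer an application might size from the
 * documented maximum. 'used' counts bytes stored so far. */
struct fixed_sink {
    char data[DOCUMENTED_MAX_WRITE];
    size_t used;
    int rejected;   /* set when a chunk was refused instead of overflowing */
};

/* Hardened write callback using the CURLOPT_WRITEFUNCTION signature.
 * It does not trust the documented maximum: each chunk is checked against
 * the space actually remaining. Returning a value other than size*nmemb
 * makes libcurl abort the transfer (CURLE_WRITE_ERROR) rather than let the
 * application copy past the end of its buffer. */
size_t safe_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct fixed_sink *sink = userdata;
    size_t incoming;

    /* Guard the size*nmemb multiplication itself against wrap-around. */
    if (size != 0 && nmemb > SIZE_MAX / size) {
        sink->rejected = 1;
        return 0;
    }
    incoming = size * nmemb;

    /* Bound by remaining capacity, not by any documented chunk limit. */
    if (incoming > sizeof(sink->data) - sink->used) {
        sink->rejected = 1;
        return 0;                 /* refuse: libcurl stops the transfer */
    }
    memcpy(sink->data + sink->used, ptr, incoming);
    sink->used += incoming;
    return incoming;
}

/* Simulated driver (constructed, not a real transfer): delivers one chunk of
 * chunk_len bytes to the callback, as a zlib-enabled libcurl might with a
 * 64K decompressed block. Returns the callback's return value. */
size_t deliver_chunk(struct fixed_sink *sink, size_t chunk_len)
{
    char *chunk = malloc(chunk_len);
    size_t ret;
    if (!chunk)
        return 0;
    memset(chunk, 'A', chunk_len);
    ret = safe_write_cb(chunk, 1, chunk_len, sink);
    free(chunk);
    return ret;
}

/* A chunk at the documented maximum fits a fresh sink; returns bytes stored. */
size_t normal_chunk_stored(void)
{
    struct fixed_sink sink;
    memset(&sink, 0, sizeof sink);
    deliver_chunk(&sink, DOCUMENTED_MAX_WRITE);
    return sink.used;
}

/* A 64K chunk (four times the documented maximum) must be refused with no
 * bytes stored; returns 1 when the sink reports exactly that. */
int oversized_chunk_refused(void)
{
    struct fixed_sink sink;
    memset(&sink, 0, sizeof sink);
    size_t ret = deliver_chunk(&sink, 4 * DOCUMENTED_MAX_WRITE);
    return ret == 0 && sink.rejected == 1 && sink.used == 0;
}

int main(void)
{
    printf("16K chunk stored: %zu bytes\n", normal_chunk_stored());
    printf("64K chunk refused: %s\n", oversized_chunk_refused() ? "yes" : "no");
    return 0;
}
```

The point of the check is the comparison against `sizeof(sink->data) - sink->used`: an application that instead relied on `incoming <= CURL_MAX_WRITE_SIZE`, or skipped the check entirely because of the documented limit, would copy a 64K chunk into a 16K buffer on the affected versions.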
{
"affects": "lib",
"package": "curl",
"CWE": {
"desc": "Function Call with Incorrectly Specified Arguments",
"id": "CWE-628"
},
"severity": "High",
"URL": "https://curl.se/docs/CVE-2010-0734.json",
"www": "https://curl.se/docs/CVE-2010-0734.html",
"last_affected": "7.19.7"
}