CURL-CVE-2013-0249

Source
https://curl.se/docs/CVE-2013-0249.html
Import Source
https://curl.se/docs/CURL-CVE-2013-0249.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2013-0249
Aliases
Published
2013-02-06T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
SASL buffer overflow
Details

libcurl is vulnerable to a buffer overflow vulnerability when communicating with one of the protocols POP3, SMTP or IMAP.

When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack.

This vulnerability can be exploited by someone who is in control of a server that a libcurl based program is accessing with POP3, SMTP or IMAP. For applications that accept user provided URLs, it is also thinkable that a malicious user would feed an application with a URL to a server hosting code targeting this flaw.

This vulnerability can be used for remote code execution (RCE) on vulnerable systems.

Both curl the command line tool and applications using the libcurl library are vulnerable.

Database specific
{
    "CWE": {
        "id": "CWE-121",
        "desc": "Stack-based Buffer Overflow"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2013-0249.json",
    "severity": "Critical",
    "www": "https://curl.se/docs/CVE-2013-0249.html",
    "last_affected": "7.28.1"
}
References
Credits
    • Volema - FINDER
    • Volema - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.26.0
Fixed
7.29.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.26.0
7.27.0
7.28.0
7.28.1