When libcurl is given either
... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path with a wrong offset, so that the end of the given path would be written beyond the malloc buffer, by up to seven bytes.
{ "CWE": { "id": "CWE-122", "desc": "Heap-based Buffer Overflow" }, "package": "curl", "URL": "https://curl.se/docs/CVE-2017-9502.json", "severity": "High", "www": "https://curl.se/docs/CVE-2017-9502.html", "last_affected": "7.54.0" }