CURL-CVE-2025-0725

Source
https://curl.se/docs/CVE-2025-0725.html
Import Source
https://curl.se/docs/CURL-CVE-2025-0725.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2025-0725
Aliases
Published
2025-02-05T08:00:00Z
Modified
2025-05-15T17:48:29Z
Summary
gzip integer overflow
Details

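When libcurl, using zlib 1.2.0.3 or older, is asked to perform automatic gzip decompression of content-encoded HTTP responses (enabled with the CURLOPT_ACCEPT_ENCODING option), an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Per this description, a libcurl version in the affected range is exposed only when it is also using zlib 1.2.0.3 or older and has automatic decompression enabled, so check the zlib version in use as well as the libcurl version.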

Database specific
{
    "www": "https://curl.se/docs/CVE-2025-0725.html",
    "CWE": {
        "id": "CWE-680",
        "desc": "Integer Overflow to Buffer Overflow"
    },
    "severity": "Low",
    "issue": "https://hackerone.com/reports/2956023",
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2025-0725.json",
    "award": {
        "amount": "505",
        "currency": "USD"
    },
    "affects": "both",
    "last_affected": "8.11.1"
}
References
Credits
    • z2_ - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.10.5
Fixed
8.12.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0
7.78.0
7.79.0
7.79.1
7.80.0
7.81.0
7.82.0
7.83.0
7.83.1
7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.10.0
8.10.1
8.11.0
8.11.1
8.2.0
8.2.1
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.8.0
8.9.0
8.9.1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "252364363294404715169109774035698948412",
            "length": 1831.0
        },
        "id": "CURL-CVE-2025-0725-20f25f3a",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c",
            "function": "inflate_stream"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "168896525302313406955222363662775095115",
            "length": 2508.0
        },
        "id": "CURL-CVE-2025-0725-31a3c906",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c",
            "function": "gzip_do_write"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "39270826339358882097054429076533369140",
            "length": 321.0
        },
        "id": "CURL-CVE-2025-0725-6158cded",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c",
            "function": "exit_zlib"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "236267754694929501289564233082484222535",
                "200696040692585403463439648895738753277",
                "60845894295249300402371045709620699377",
                "49972178874211801374787148175546180425",
                "332591838543987166302839304162400862391",
                "252835086527088184238608694584395463981",
                "150675840616827511347869750147814771041",
                "169522821797905292877675033744958828150",
                "255048255832752320810687486827855982365",
                "243064649949310788639829907233668932263",
                "262949474071388489074653901127335294314",
                "142680660897505406119653164609845491131",
                "258744751755131181847296954295978072175",
                "285145921178689077096206622165971766356",
                "54260717971468768391514104508289882768",
                "83299861369074052167407658064825942617",
                "290501165083930570811544388178240186120",
                "171146809897662422235138658846044881547",
                "111532339163838739228027269074809338149",
                "133986260147025877695246955263556851430",
                "79778487104088533471626716341671516918",
                "79232803291523634185547004210713396382",
                "47512427426396239207135845579999753021",
                "59279512616010374048775455161553628332",
                "25462950861779172133609096941785325693",
                "55588269951698804035036250091738429999",
                "308997124565048775352450568771463917360",
                "14274463666056009475211965315484736368",
                "23367459784173241710728089041190177909",
                "171421371697845923045155032808911954989",
                "196779091870229077775100653603798267470",
                "208005235792818465421401665831451139006",
                "168727415830411617973842606409357158641",
                "4464433991657045536630301711595355372",
                "73743444074869324007513140434869402213",
                "308997124565048775352450568771463917360",
                "336531525996526569405359685498559718500",
                "227654660124485990756150548711814054529",
                "253482869664458950024146503402998211399",
                "308997124565048775352450568771463917360",
                "4637304696829473745731483115932530042",
                "273608780212891723560280990805183936379",
                "298340769877337009123010130136598424460",
                "241056939890786628311726076122814843805",
                "269776496286142667248742657670719663455",
                "283827025877672519867439557547548664072",
                "44026585785291848137931160395668104651",
                "298035016632958506530008887050787029457",
                "179253028203005606450850482014941584379",
                "320909780808768762655797412387325648436",
                "33716925131395923657980057616469280176",
                "77263977023929041214670809652224402515",
                "166743086906080346890141375155257338112",
                "50905036539421745670809468151358497325",
                "330274166216853328499444679660433240845",
                "89739933738744894109494174529980256136",
                "182502074644650052463446947411778538754",
                "93592793097236037293292982748981774683",
                "196372204882323266918837847945501227353",
                "305140416614703626241976798892629740960",
                "212306351164119945491220699381546529770",
                "239328964480046242828221115292147664877",
                "114037986862393577579712633918358618112",
                "8679681849642930941602567215646523095",
                "15974378803851764706086434385605121875",
                "24444470476557735520898969983077240219",
                "90163499340837882526915499902962836498",
                "250025155322386603844828393115985918400",
                "249768858836638634473597424571759697840",
                "283541733094945914694664865635271252196",
                "336265303408439515520468647346382393417",
                "317686595998715713887384291854606929635",
                "77942386541142843830078598505182519310",
                "309814786663138929900396399295725236913",
                "8152716221971367849707776483654413278",
                "21494557680306636597921720074740363341",
                "172028302927689502663839659749130028218",
                "101446236223729195492113368852196105210",
                "60148371805731193343247960618408591722",
                "316020079801317962272398955066215369219",
                "85345941698134536465229620231148564119",
                "126500032900639235704705336621037570384",
                "34192562607628835983918845600422069149",
                "79111525736007142220332635975143825687",
                "29584440882749068432895499242805872007",
                "206881962961967076303198574513832693527",
                "209999717941643035500483095749875962474",
                "83391225412104349660889755633194069561",
                "93505123976059129165021700620285628411",
                "278648989659512964258254781929117660466",
                "2822162873325789052709085466408273730",
                "34845579044282412955163118703798558580",
                "201012440583401477994956852219784653741",
                "85268009813711932243902851412720131192",
                "127910799686446251573032714796141972461",
                "317915112987228983872984951541524076517",
                "119595734250822418082916335346187764783",
                "280344511622321411695542974513683595619",
                "275192099548447832383800525090673748096",
                "60059610764973870169843246002943218277",
                "49844391517794685838076835267481242019",
                "76341804671509269910631398806997431939",
                "199877962925703450942246389708950545239",
                "85268009813711932243902851412720131192",
                "127910799686446251573032714796141972461",
                "317915112987228983872984951541524076517",
                "119595734250822418082916335346187764783",
                "248011505254492228778879518783186899294",
                "208396123633197538896909917404951483627",
                "195794326641101915051733163022874743997",
                "314767588845823051847009760232725004522",
                "184304449333469176190818985933019527826",
                "169204796304043744921613953130373325715",
                "262577981016962832592580604281587179665",
                "198724730918162650849259887148670910341",
                "31600479885629917681626731910596127498",
                "85051793500418472908116474791897279783",
                "245245845117166595092519527316077913334",
                "311579263449387856925089991404688774732",
                "311013711066919953352147146160440830125",
                "267581160311557490293215877340505884398",
                "196779091870229077775100653603798267470",
                "208005235792818465421401665831451139006",
                "214469634834500897493148843523155348052",
                "37514254385979372422104098776428747166",
                "188613781260395865865465914202813350268",
                "40016174350011050766946705201035269003",
                "57368313449350010642948067202768471960",
                "201004219110027551966071744104034823360",
                "94187638178765553280639833404371787606",
                "141081130155880146015086630255008635172",
                "60010445593249155460334656908969812489",
                "206539317268171235000760493808962522998",
                "129391234846296386766272697238756979512",
                "80782673127105910294022016644134935760",
                "319093107105222570932656523338079300327",
                "210371439450095273358593055843972334180",
                "267256813811325853352529219627528472068",
                "330860602155362680996971183021243869060",
                "293799400885914990942080900360913144046",
                "43869490619389589921175331977116897066",
                "61356075616806396292413926384617917742",
                "74842490961057145256799337896783078964",
                "328245447078167101847233272789792737501",
                "18116462552618615242605653401364141834",
                "100501257918915584660699944308255579692",
                "327894646208571085849219973959674599719",
                "30002925672724963048063077990796803845",
                "42964112585579739935707917933656283945",
                "156729127667338416760818598748343579805",
                "144864279328727344910500455448198287068",
                "10721190753707158039402289330603035602",
                "146208844262340086085843262833750691633",
                "76374792724000501132491222808241471575",
                "80451287157992390641788784020711712689",
                "304732533880544484208827857510733455194",
                "137762106264604372593914326701384906578",
                "248156365991301101258521767655633637679",
                "281040131363539445390818274751077887867",
                "56584674604176881024831371197822542578",
                "7329500564522132839419928820917396960",
                "252960527167273387230615833891466000995",
                "156002069392051010631138090419018065220",
                "152582682308984367630252827853425179834",
                "150267385668886945766754295965847178961",
                "81270905825578530242280567770930209253",
                "310735231476616876965859781518101611377",
                "168035290037392036861492980660334005806",
                "278405524611047889254019076311422718571",
                "51033934948083726933780641952645731556",
                "250688823634730716274109548382351324467",
                "30002925672724963048063077990796803845",
                "42964112585579739935707917933656283945",
                "156729127667338416760818598748343579805",
                "144864279328727344910500455448198287068",
                "149071325462575329583775047342511369972",
                "215219083654422198058300820152706786345",
                "73706643008637269101124940991724805815",
                "72088545109763230353717860143557421951",
                "72572616018804265123169302639266928010",
                "119850380773717683120406962859617301900",
                "31450803300969957023384347945028616413",
                "206078285543893404992214366511506824124",
                "32923041438227450571304596763095457391",
                "92245580969678910181058986961529257261",
                "107101177658079355183859586218533752091",
                "213357168893883325696791598583082674964",
                "229019996258154893802406786380187371856",
                "266357248971703037204001536401780769275",
                "156943364051037789263876098960703768728",
                "152731791182433545239782291924439819713",
                "197365771650009385424052632898155552042",
                "114461012368112818405289261758762161889",
                "313461793542350583050908605065492755931",
                "146401967725097150205042937443749409725",
                "79406270927398197351271364630377606616",
                "156183579009787260663211731452429713918",
                "68929432369241408654439393460445668304",
                "146434907016031812504924957374637387162",
                "146834367987584407296889826374891970580",
                "91491274425299633919141859044617704757",
                "148483969151447462151054098771530200155",
                "65380433739681660552095601077876956012",
                "181822593914963426685548723461750091751",
                "206272720721570774349595818437306400840",
                "277116073668830807790703137640981885577",
                "96984690232669854817004031152219246798",
                "48015271189669931980916543795582656621",
                "287571988745486666996808397449383351893",
                "92142914419499787559546965837015440187",
                "111421853253437495894245035526378283048",
                "9355466837878927354551456712365860100",
                "277192501119569551604527538813509797924",
                "271184807053033304599151420766322457616",
                "79140427521286862371788453161376059963",
                "86870180202957864501521906460056784790",
                "3807190962590693336437008127375591664",
                "18651509573646673155299879642865346093",
                "252015391942232771733368695419452225080",
                "228982040719140391998927396052301756874",
                "39369812834149534908745480067625741637",
                "169426448813005951503957580966628933757",
                "81495390229592012098768500501090135944",
                "15509920279985516784997386449134690393",
                "260262144771831548429231130322407729987",
                "97895547482358327870420859977110731244",
                "145471985900961916163149108452312206093",
                "310653664690870263301232109867576338390",
                "275308619706479456751112711373693799257",
                "67529825641641062587593495742467212334",
                "125671071167602083986930695528365362233",
                "329730422179338294745041799724506890756",
                "210074421598555571561769062377178951306",
                "297836367681778046423847541972215849969",
                "301417627224177005705664803414008234596",
                "323794689037889794160483784180959598984",
                "295184498559071815422703323573648094678"
            ]
        },
        "id": "CURL-CVE-2025-0725-c0b2ea96",
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "146684915780853530827077285482076992378",
            "length": 539.0
        },
        "id": "CURL-CVE-2025-0725-d2c62d40",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c",
            "function": "gzip_do_init"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "162560073504462763242766379276408733327",
            "length": 1112.0
        },
        "id": "CURL-CVE-2025-0725-fe19df11",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/76f83f0db23846e254d940ec7fe141010077eb88",
        "target": {
            "file": "lib/content_encoding.c",
            "function": "check_gzip_header"
        }
    }
]