OSV-2020-1230

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2020-1230.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-1230

Published

2020-07-22T21:49:58.592376Z

Modified

2022-04-13T03:04:42.884077Z

Summary

Heap-buffer-overflow in to_u32

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16734

Crash type: Heap-buffer-overflow READ 1
Crash state:
to_u32
fuzz_get_tlv_comn
fuzz_add_mime_part

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16734

Affected packages

OSS-Fuzz / curl

Package

Name: curl
Purl: pkg:generic/curl

Affected ranges

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

0a5d28fa2ec872de55c8d3f3b62675f17ca9cd45

Fixed

25f962193574e35fe638764c3afb9d25d8a9768b

Ecosystem specific

{
    "severity": "MEDIUM",
    "introduced_range": "unknown:0a5d28fa2ec872de55c8d3f3b62675f17ca9cd45",
    "fixed_range": "0a5d28fa2ec872de55c8d3f3b62675f17ca9cd45:25f962193574e35fe638764c3afb9d25d8a9768b"
}