OSV-2021-1629

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2021-1629.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1629
Published
2021-11-27T00:01:35.152286Z
Modified
2022-04-13T03:04:42.952015Z
Summary
Heap-buffer-overflow in Curl_sasl_decode_mech
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41403

Crash type: Heap-buffer-overflow READ 10
Crash state:
Curl_sasl_decode_mech
Curl_sasl_parse_url_auth_option
smtp_parse_url_options
References

Affected packages

OSS-Fuzz / curl

Package

Name
curl
Purl
pkg:generic/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
0969805e20ffe3731a9b020a990a907c3eec907f
Fixed
2361d11d4c9602937aa081a6899f1b313398514a

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "introduced_range": "cc2870e275666ef7e4a6c27fa8b99938c6d1ff2f:a5f5687368a5f95415d58d37e8dfb10c6b6d44c5",
    "fixed_range": "a5f5687368a5f95415d58d37e8dfb10c6b6d44c5:2361d11d4c9602937aa081a6899f1b313398514a"
}