OSV-2021-1737

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2021-1737.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1737
Published
2021-12-22T00:01:51.212187Z
Modified
2022-04-13T03:04:42.934553Z
Summary
Heap-buffer-overflow in Curl_sasl_decode_mech
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42727

Crash type: Heap-buffer-overflow READ 10
Crash state:
Curl_sasl_decode_mech
Curl_sasl_parse_url_auth_option
pop3_parse_url_options
References

Affected packages

OSS-Fuzz / curl

Package

Name
curl
Purl
pkg:generic/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
7a92f865b43aac942ae5755a7a3a06775751fdea
Fixed
ef4dc1b5be8c092550617ea0f1b9844a9cdc6ae8

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "7a92f865b43aac942ae5755a7a3a06775751fdea:ef4dc1b5be8c092550617ea0f1b9844a9cdc6ae8"
}