OSV-2021-1796

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2021-1796.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1796
Published
2022-01-02T00:01:47.989011Z
Modified
2022-04-13T03:04:42.901090Z
Summary
Heap-buffer-overflow in Curl_sasl_decode_mech
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43186

Crash type: Heap-buffer-overflow READ 10
Crash state:
Curl_sasl_decode_mech
Curl_sasl_parse_url_auth_option
pop3_parse_url_options
References

Affected packages

OSS-Fuzz / curl

Package

Name
curl
Purl
pkg:generic/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
e1b04106f8cf3cf2a0b5284ddc048ea621ce94c9
Fixed
d8f6e5dc8ebce2b2c258227651c5f193de5e58f8

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "introduced_range": "a4d9876c314a1786912006f6e60f21f3571ae3d1:d8f6e5dc8ebce2b2c258227651c5f193de5e58f8"
}