cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: an exploitable buffer overflow in cURL?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 6 May 2002 20:13:19 +0200 (MET DST)

On Mon, 6 May 2002, Jean-Philippe Barrette-LaPierre wrote:

> on bugtrack an exploit for cURL (a buffer overflow) as been "discovered",
> anyone know something about that? Is it fixed in the current version?

I only know about one curl buffer overflow ever mentioned on bugtraq, and
that was published on October 13, 2000:

http://online.securityfocus.com/bid/1804

That particular problem was fixed in curl 7.4.1. (My comments on the
"exploit" is found here: http://online.securityfocus.com/archive/1/140883)

Are you referring to this or to another problem?

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth_at_sourceforge.net

Received on 2002-05-06

This message: [ Message body ]
Next message: John Brayton: "FTP Delete with libcurl"
Previous message: Jean-Philippe Barrette-LaPierre: "an exploitable buffer overflow in cURL?"
In reply to: Jean-Philippe Barrette-LaPierre: "an exploitable buffer overflow in cURL?"
Next in thread: sm: "Re: an exploitable buffer overflow in cURL?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]