SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2010-0734

Date: (C)2010-03-19 (M)2024-02-09

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

http://www.securityfocus.com/archive/1/514490/100/0/threaded

http://www.securityfocus.com/archive/1/516397/100/0/threaded

APPLE-SA-2010-06-15-1

FEDORA-2010-2720

FEDORA-2010-2762

http://www.openwall.com/lists/oss-security/2010/02/09/5

http://www.openwall.com/lists/oss-security/2010/03/09/1

http://www.openwall.com/lists/oss-security/2010/03/16/11

http://curl.haxx.se/docs/adv_20100209.html

http://curl.haxx.se/docs/security.html#20100209

http://curl.haxx.se/libcurl-contentencoding.patch

http://support.apple.com/kb/HT4188

http://support.avaya.com/css/P8/documents/100081819

http://wiki.rpath.com/Advisories:rPSA-2010-0072

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

https://bugzilla.redhat.com/show_bug.cgi?id=563220

oval:org.mitre.oval:def:10760

oval:org.mitre.oval:def:6756

oval:org.secpod.oval:def:200031
oval:org.secpod.oval:def:700540
oval:org.secpod.oval:def:300054
oval:org.secpod.oval:def:500431
...

© SecPod Technologies