Download
| Alert*
|
oval:org.secpod.oval:def:1800283
CVE-2017-1000100: TFTP sends more than buffer size. When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too lar ... oval:org.secpod.oval:def:1800233 CVE-2017-1000099: FILE buffer read out of bounds¶ When asking to get a file from a file:// URL, libcurl provides a feature thatoutputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user , which could lead to other private data from the ... oval:org.secpod.oval:def:1600754 FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read oval:org.secpod.oval:def:1800733 CVE-2017-1000100: TFTP sends more than buffer size When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too larg ... oval:org.secpod.oval:def:1800855 CVE-2017-1000100: TFTP sends more than buffer size; When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too lar ... oval:org.secpod.oval:def:2101919 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application"s provide callback), which could lead to other private data from the heap to ... |
