Download
| Alert*
[3.4] curl: escape and unescape integer overflows (CVE-2016-7167)
The four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. Affected versions: libcurl 7.11.1 to and including 7.50.2 Not affected versions: libcurl = 7.50.3.
|