Advisories ยป MGASA-2013-0188

Updated curl packages fix CVE-2013-2174

Publication date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2174

Description

libcurl is vulnerable to a case of bad checking of the input data which may
lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
strings to raw binary data. URL encoded octets are represented with %HH
combinations where HH is a two-digit hexadecimal number. The decoded string is
written to an allocated memory area that the function returns to the caller
(CVE-2013-2174)
                

References

SRPMS

2/core

3/core