FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362910
Date:      2014-07-25
Time:      14:12:54Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9b4facec-6761-11da-99f6-00123ffe8333curl -- URL buffer overflow vulnerability

A Project cURL Security Advisory reports:

libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL.

1 - pass in a URL with no protocol (like "http://") prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the malloced buffer.

2 - pass in a URL with only a question mark as separator (no slash) between the host and the query part of the URL. This leads to a single zero byte overflow of the malloced buffer.

Both overflows can be made with the same input string, leading to two single zero byte overwrites.

The affected flaw cannot be triggered by a redirect, but the long URL must be passed in "directly" to libcurl. It makes this a "local" problem. Of course, lots of programs may still pass in user-provided URLs to libcurl without doing much syntax checking of their own, allowing a user to exploit this vulnerability.


Discovery 2005-12-07
Entry 2005-12-09
Modified 2006-01-01
curl
ge 7.11.2 lt 7.15.1

15756
CVE-2005-4077
http://curl.haxx.se/docs/adv_20051207.html
http://www.hardened-php.net/advisory_242005.109.html
http://secunia.com/advisories/17907/
5d433534-f41c-402e-ade5-e0a2259a7cb6curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.


Discovery 2009-03-03
Entry 2009-03-04
curl
ge 5.11 lt 7.19.4

CVE-2009-0037
http://secunia.com/advisories/34138/
5d433534-f41c-402e-ade5-e0a2259a7cb6curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.


Discovery 2009-03-03
Entry 2009-03-04
curl
ge 5.11 lt 7.19.4

CVE-2009-0037
http://secunia.com/advisories/34138/
c8c31c41-49ed-11df-83fb-0015587e2cc1curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory:

Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger than the documented maximum size.

An application that blindly trusts libcurl's max limit for a fixed buffer size or similar is then a possible target for a buffer overflow vulnerability.


Discovery 2010-02-09
Entry 2010-04-19
curl
ge 7.10.5 lt 7.20.0

CVE-2010-0734
http://curl.haxx.se/docs/adv_20100209.html
http://www.debian.org/security/2010/dsa-2023
http://www.openwall.com/lists/oss-security/2010/02/09/5
c8c31c41-49ed-11df-83fb-0015587e2cc1curl -- libcurl buffer overflow vulnerability

The cURL project reports in a security advisory:

Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger than the documented maximum size.

An application that blindly trusts libcurl's max limit for a fixed buffer size or similar is then a possible target for a buffer overflow vulnerability.


Discovery 2010-02-09
Entry 2010-04-19
curl
ge 7.10.5 lt 7.20.0

CVE-2010-0734
http://curl.haxx.se/docs/adv_20100209.html
http://www.debian.org/security/2010/dsa-2023
http://www.openwall.com/lists/oss-security/2010/02/09/5
9b4facec-6761-11da-99f6-00123ffe8333curl -- URL buffer overflow vulnerability

A Project cURL Security Advisory reports:

libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL.

1 - pass in a URL with no protocol (like "http://") prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the malloced buffer.

2 - pass in a URL with only a question mark as separator (no slash) between the host and the query part of the URL. This leads to a single zero byte overflow of the malloced buffer.

Both overflows can be made with the same input string, leading to two single zero byte overwrites.

The affected flaw cannot be triggered by a redirect, but the long URL must be passed in "directly" to libcurl. It makes this a "local" problem. Of course, lots of programs may still pass in user-provided URLs to libcurl without doing much syntax checking of their own, allowing a user to exploit this vulnerability.


Discovery 2005-12-07
Entry 2005-12-09
Modified 2006-01-01
curl
ge 7.11.2 lt 7.15.1

15756
CVE-2005-4077
http://curl.haxx.se/docs/adv_20051207.html
http://www.hardened-php.net/advisory_242005.109.html
http://secunia.com/advisories/17907/