CURL-CVE-2006-1061

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2006-1061.html

Import Source

https://curl.se/docs/CURL-CVE-2006-1061.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2006-1061

Aliases

CVE-2006-1061

Published

2006-03-20T08:00:00Z

Modified

2024-06-07T13:53:51Z

Summary

TFTP Packet Buffer Overflow

Details

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.

This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.

The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.

Database specific

{
    "CWE": {
        "desc": "Heap-based Buffer Overflow",
        "id": "CWE-122"
    },
    "package": "curl",
    "last_affected": "7.15.2",
    "severity": "High",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2006-1061.json",
    "www": "https://curl.se/docs/CVE-2006-1061.html"
}

References

Credits

- Ulf Harnhammar - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git /

Affected ranges

Type: SEMVER
Events: Introduced

7.15.0

Fixed

7.15.3

Affected versions

7.*

7.15.0

7.15.1

7.15.2