Heap buffer overflow vulnerability in libcurl's default protocol function on Windows and DOS

Heap buffer overflow vulnerability in libcurl's default protocol function on Windows and DOS

CVE-2017-9502 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://").

Learn more about our Web Application Penetration Testing UK.