Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for curl CESA-2013:0983 centos5

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'curl' package(s) announced via the referenced advisory.

Insight

Insight

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code. (CVE-2013-2174) Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Timo Sirainen as the original reporter. Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

Affected Software

Affected Software

curl on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)