content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
References
http://curl.haxx.se/docs/adv_20100209.html
http://curl.haxx.se/docs/security.html#20100209
http://curl.haxx.se/libcurl-contentencoding.patch
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
http://secunia.com/advisories/38843
http://secunia.com/advisories/38981
http://secunia.com/advisories/39087
http://secunia.com/advisories/39734
http://secunia.com/advisories/40220
http://secunia.com/advisories/45047
http://secunia.com/advisories/48256
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://support.apple.com/kb/HT4188
http://support.avaya.com/css/P8/documents/100081819
http://wiki.rpath.com/Advisories:rPSA-2010-0072
http://www.debian.org/security/2010/dsa-2023
http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
http://www.openwall.com/lists/oss-security/2010/02/09/5
http://www.openwall.com/lists/oss-security/2010/03/09/1
http://www.openwall.com/lists/oss-security/2010/03/16/11
http://www.redhat.com/support/errata/RHSA-2010-0329.html
http://www.securityfocus.com/archive/1/514490/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.ubuntu.com/usn/USN-1158-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/0571
http://www.vupen.com/english/advisories/2010/0602
http://www.vupen.com/english/advisories/2010/0660
http://www.vupen.com/english/advisories/2010/0725
http://www.vupen.com/english/advisories/2010/1481
https://bugzilla.redhat.com/show_bug.cgi?id=563220
https://nvd.nist.gov/vuln/detail/CVE-2010-0734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
https://www.cve.org/CVERecord?id=CVE-2010-0734
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-03-19T19:00:00

Updated: 2024-08-07T00:59:39.012Z

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0734

Vulnrichment

No data.

NVD

Status: Modified

Published: 2010-03-19T19:30:00.577

Modified: 2018-10-10T19:53:29.310

Link: CVE-2010-0734

Redhat

Severity: Moderate

Public Date: 2010-02-09T00:00:00Z

Links: CVE-2010-0734 - Bugzilla