FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b8e361b8-b7ff-11da-8414-0013d4a4a40ecurl -- TFTP packet buffer overflow vulnerability

A Project cURL Security Advisory reports:

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.

This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.

The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.


Discovery 2006-03-20
Entry 2006-03-20
Modified 2006-10-05
curl
linux-curl
gt 7.14.1 lt 7.15.3

CVE-2006-1061
http://curl.haxx.se/docs/adv_20060320.html