Denial of Service Vulnerability in libcurl Versions by Curl
CVE-2010-0734

Currently unrated

Key Information:

Vendor: Curl
Status: Libcurl
Vendor: CVE Published:; 19 March 2010

What is CVE-2010-0734?

The vulnerability in libcurl versions 7.10.5 through 7.19.7 arises from improper handling of data length limits when zlib is enabled. This flaw can be exploited by remote attackers who send specially crafted compressed data to affected applications that automatically decompress content. If not mitigated, this may lead to denial of service scenarios, causing the application to crash or behave unpredictably.

References

http://lists.apple.com/archives/security-announce/2010//J...

vendor-advisoryx_refsource_APPLE

http://www.vupen.com/english/advisories/2010/0571

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2010/0602

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Mar 19, 2010
Vulnerability Reserved
Feb 26, 2010