RHSA-2017:3263

Affecting libcurl package, versions <0:7.29.0-42.el7_4.1

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257) Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.

CVE
RHSA-2017:3263
Snyk ID
SNYK-CENTOS7-LIBCURL-277988
Published
27 Jun, 2018