FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

curl -- TFTP packet buffer overflow vulnerability

Affected packages
7.14.1 < curl < 7.15.3
7.14.1 < linux-curl < 7.15.3

Details

VuXML ID b8e361b8-b7ff-11da-8414-0013d4a4a40e
Discovery 2006-03-20
Entry 2006-03-20
Modified 2006-10-05

A Project cURL Security Advisory reports:

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.

This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.

The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.

References

CVE Name CVE-2006-1061
URL http://curl.haxx.se/docs/adv_20060320.html