CVE-2013-2174

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
haxxcurl
7.7
haxxcurl
7.7.1
haxxcurl
7.7.2
haxxcurl
7.7.3
haxxcurl
7.8
haxxcurl
7.8.1
haxxcurl
7.9
haxxcurl
7.9.1
haxxcurl
7.9.2
haxxcurl
7.9.3
haxxcurl
7.9.4
haxxcurl
7.9.5
haxxcurl
7.9.6
haxxcurl
7.9.7
haxxcurl
7.9.8
haxxcurl
7.10
haxxcurl
7.10.1
haxxcurl
7.10.2
haxxcurl
7.10.3
haxxcurl
7.10.4
haxxcurl
7.10.5
haxxcurl
7.10.6
haxxcurl
7.10.7
haxxcurl
7.10.8
haxxcurl
7.11.0
haxxcurl
7.11.1
haxxcurl
7.11.2
haxxcurl
7.12.0
haxxcurl
7.12.1
haxxcurl
7.12.2
haxxcurl
7.12.3
haxxcurl
7.13.0
haxxcurl
7.13.1
haxxcurl
7.13.2
haxxcurl
7.14.0
haxxcurl
7.14.1
haxxcurl
7.15.0
haxxcurl
7.15.1
haxxcurl
7.15.2
haxxcurl
7.15.3
haxxcurl
7.15.4
haxxcurl
7.15.5
haxxcurl
7.16.0
haxxcurl
7.16.1
haxxcurl
7.16.2
haxxcurl
7.16.3
haxxcurl
7.16.4
haxxcurl
7.17.0
haxxcurl
7.17.1
haxxcurl
7.18.0
haxxcurl
7.18.1
haxxcurl
7.18.2
haxxcurl
7.19.0
haxxcurl
7.19.1
haxxcurl
7.19.2
haxxcurl
7.19.3
haxxcurl
7.19.4
haxxcurl
7.19.5
haxxcurl
7.19.6
haxxcurl
7.19.7
haxxcurl
7.20.0
haxxcurl
7.20.1
haxxcurl
7.21.0
haxxcurl
7.21.1
haxxcurl
7.21.2
haxxcurl
7.21.3
haxxcurl
7.21.4
haxxcurl
7.21.5
haxxcurl
7.21.6
haxxcurl
7.21.7
haxxcurl
7.22.0
haxxcurl
7.23.0
haxxcurl
7.23.1
haxxcurl
7.24.0
haxxcurl
7.25.0
haxxcurl
7.26.0
haxxcurl
7.27.0
haxxcurl
7.28.0
haxxcurl
7.28.1
haxxcurl
7.29.0
haxxcurl
7.30.0
haxxlibcurl
7.7
haxxlibcurl
7.7.1
haxxlibcurl
7.7.2
haxxlibcurl
7.7.3
haxxlibcurl
7.8
haxxlibcurl
7.8.1
haxxlibcurl
7.9
haxxlibcurl
7.9.1
haxxlibcurl
7.9.2
haxxlibcurl
7.9.3
haxxlibcurl
7.9.4
haxxlibcurl
7.9.5
haxxlibcurl
7.9.6
haxxlibcurl
7.9.7
haxxlibcurl
7.9.8
haxxlibcurl
7.10
haxxlibcurl
7.10.1
haxxlibcurl
7.10.2
haxxlibcurl
7.10.3
haxxlibcurl
7.10.4
haxxlibcurl
7.10.5
haxxlibcurl
7.10.6
haxxlibcurl
7.10.7
haxxlibcurl
7.10.8
haxxlibcurl
7.11.0
haxxlibcurl
7.11.1
haxxlibcurl
7.11.2
haxxlibcurl
7.12.0
haxxlibcurl
7.12.1
haxxlibcurl
7.12.2
haxxlibcurl
7.12.3
haxxlibcurl
7.13.0
haxxlibcurl
7.13.1
haxxlibcurl
7.13.2
haxxlibcurl
7.14.0
haxxlibcurl
7.14.1
haxxlibcurl
7.15.0
haxxlibcurl
7.15.1
haxxlibcurl
7.15.2
haxxlibcurl
7.15.3
haxxlibcurl
7.15.4
haxxlibcurl
7.15.5
haxxlibcurl
7.16.0
haxxlibcurl
7.16.1
haxxlibcurl
7.16.2
haxxlibcurl
7.16.3
haxxlibcurl
7.16.4
haxxlibcurl
7.17.0
haxxlibcurl
7.17.1
haxxlibcurl
7.18.0
haxxlibcurl
7.18.1
haxxlibcurl
7.18.2
haxxlibcurl
7.19.0
haxxlibcurl
7.19.1
haxxlibcurl
7.19.2
haxxlibcurl
7.19.3
haxxlibcurl
7.19.4
haxxlibcurl
7.19.5
haxxlibcurl
7.19.6
haxxlibcurl
7.19.7
haxxlibcurl
7.20.0
haxxlibcurl
7.20.1
haxxlibcurl
7.21.0
haxxlibcurl
7.21.1
haxxlibcurl
7.21.2
haxxlibcurl
7.21.3
haxxlibcurl
7.21.4
haxxlibcurl
7.21.5
haxxlibcurl
7.21.6
haxxlibcurl
7.21.7
haxxlibcurl
7.22.0
haxxlibcurl
7.23.0
haxxlibcurl
7.23.1
haxxlibcurl
7.24.0
haxxlibcurl
7.25.0
haxxlibcurl
7.26.0
haxxlibcurl
7.27.0
haxxlibcurl
7.28.0
haxxlibcurl
7.28.1
haxxlibcurl
7.29.0
haxxlibcurl
7.30.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
opensuseopensuse
11.4
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
curl
bullseye
7.74.0-1.3+deb11u13
fixed
bullseye (security)
7.74.0-1.3+deb11u11
fixed
bookworm
7.88.1-10+deb12u7
fixed
bookworm (security)
7.88.1-10+deb12u5
fixed
sid
8.10.1-2
fixed
trixie
8.10.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
raring
Fixed 7.29.0-1ubuntu3.1
released
quantal
Fixed 7.27.0-1ubuntu1.3
released
precise
Fixed 7.22.0-3ubuntu4.2
released
lucid
Fixed 7.19.7-1ubuntu1.3
released
Common Weakness Enumeration
References
http://curl.haxx.se/docs/adv_20130622.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0983.html
http://www.debian.org/security/2013/dsa-2713
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/60737
http://www.ubuntu.com/usn/USN-1894-1
https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
http://curl.haxx.se/docs/adv_20130622.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0983.html
http://www.debian.org/security/2013/dsa-2713
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/60737
http://www.ubuntu.com/usn/USN-1894-1
https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737