CVE-2013-2174

EPSS 3.2%

curl - heap overflow

Published: 7/31/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-2174

Description

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Affected packages (2)

Debian/curlfrom 0, < 7.31.0-1
Debian/curlfrom 0, < 7.21.0-2.1+squeeze4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2174