Vulnerability-Lookup

CVE-2010-0734 (GCVE-0-2010-0734)

Vulnerability from cvelistv5 – Published: 2010-03-19 19:00 – Updated: 2024-08-07 00:59

Summary

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2010/0571	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/0602	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/514490/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/38843	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2010/03/09/1	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/38981	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/1481	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1158-1	vendor-advisoryx_refsource_UBUNTU
	http://curl.haxx.se/docs/adv_20100209.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0725	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2010/dsa-2023	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2010-03…	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://support.apple.com/kb/HT4188	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=563220	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/40220	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201203-02.xml	vendor-advisoryx_refsource_GENTOO
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/48256	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/css/P8/documents/100081819	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2010/0…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/39087	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/45047	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/Advisories:rPSA-2010-0072	x_refsource_CONFIRM
	http://curl.haxx.se/libcurl-contentencoding.patch	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100…	mailing-listx_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/39734	third-party-advisoryx_refsource_SECUNIA
	http://curl.haxx.se/docs/security.html#20100209	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0660	vdb-entryx_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2010/02/09/5	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "ADV-2010-0571",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0571"
          },
          {
            "name": "ADV-2010-0602",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0602"
          },
          {
            "name": "20101027 rPSA-2010-0072-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
          },
          {
            "name": "38843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38843"
          },
          {
            "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
          },
          {
            "name": "38981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38981"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "USN-1158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20100209.html"
          },
          {
            "name": "ADV-2010-0725",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0725"
          },
          {
            "name": "DSA-2023",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2023"
          },
          {
            "name": "RHSA-2010:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10760",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
          },
          {
            "name": "MDVSA-2010:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "GLSA-201203-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "FEDORA-2010-2720",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
          },
          {
            "name": "FEDORA-2010-2762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
          },
          {
            "name": "48256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081819"
          },
          {
            "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
          },
          {
            "name": "39087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39087"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "45047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6756",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
          },
          {
            "name": "39734",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39734"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/security.html#20100209"
          },
          {
            "name": "ADV-2010-0660",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0660"
          },
          {
            "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "ADV-2010-0571",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0571"
        },
        {
          "name": "ADV-2010-0602",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0602"
        },
        {
          "name": "20101027 rPSA-2010-0072-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
        },
        {
          "name": "38843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38843"
        },
        {
          "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
        },
        {
          "name": "38981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38981"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "name": "USN-1158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1158-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20100209.html"
        },
        {
          "name": "ADV-2010-0725",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0725"
        },
        {
          "name": "DSA-2023",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2023"
        },
        {
          "name": "RHSA-2010:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10760",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
        },
        {
          "name": "MDVSA-2010:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "GLSA-201203-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
        },
        {
          "name": "FEDORA-2010-2720",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
        },
        {
          "name": "FEDORA-2010-2762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
        },
        {
          "name": "48256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081819"
        },
        {
          "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
        },
        {
          "name": "39087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39087"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "45047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:6756",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
        },
        {
          "name": "39734",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39734"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/security.html#20100209"
        },
        {
          "name": "ADV-2010-0660",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0660"
        },
        {
          "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0734",
    "datePublished": "2010-03-19T19:00:00.000Z",
    "dateReserved": "2010-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:39.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-461

Vulnerability from certfr_avis - Published: 2010-10-01 - Updated: 2010-10-01

De nombreuses vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

le composant NSS_db est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant d'accéder à des données confidentielles (CVE-2010-0826) ;
une mise à jour du composant OpenLDAP corrige un erreur dans la gestion du Common Name d'un certificat X.509, qui permet une attaque du type « homme au milieu » (CVE-2009-3767) ;
la bibliothèque libcurl est mise à jour afin de corriger une vulnérabilité permettant à un attaquant d'effectuer à distance un déni de service par arrêt inopiné (CVE-2010-0734) ;
le logiciel sudo est mis à jour pour corriger une erreur concernant la gestion d'une variable d'environnement permettant à un utilisateur malveillant d'élever ses privilèges (CVE-2010-1646) ;
une mise à jour groupée des composants OpenSSL, GnuTLS, NSS et NSPR corrige différentes vulnérabilités permettant entre autres un déni de service et l'élévation de privilèges (CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 et CVE-2010-0433).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware ESX 4.0 Console OS (COS).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMSA-2010-0015 du 30 septembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware ESX 4.0 Console OS (COS).\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   le composant NSS_db est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9\n    permettant \u00e0 un utilisateur malveillant d\u0027acc\u00e9der \u00e0 des donn\u00e9es\n    confidentielles (CVE-2010-0826) ;\n-   une mise \u00e0 jour du composant OpenLDAP corrige un erreur dans la\n    gestion du Common Name d\u0027un certificat X.509, qui permet une attaque\n    du type \u00ab homme au milieu \u00bb (CVE-2009-3767) ;\n-   la biblioth\u00e8que libcurl est mise \u00e0 jour afin de corriger une\n    vuln\u00e9rabilit\u00e9 permettant \u00e0 un attaquant d\u0027effectuer \u00e0 distance un\n    d\u00e9ni de service par arr\u00eat inopin\u00e9 (CVE-2010-0734) ;\n-   le logiciel sudo est mis \u00e0 jour pour corriger une erreur concernant\n    la gestion d\u0027une variable d\u0027environnement permettant \u00e0 un\n    utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges (CVE-2010-1646) ;\n-   une mise \u00e0 jour group\u00e9e des composants OpenSSL, GnuTLS, NSS et NSPR\n    corrige diff\u00e9rentes vuln\u00e9rabilit\u00e9s permettant entre autres un d\u00e9ni\n    de service et l\u0027\u00e9l\u00e9vation de privil\u00e8ges (CVE-2009-3555,\n    CVE-2009-2409, CVE-2009-3245 et CVE-2010-0433).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2009-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3767"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "initial_release_date": "2010-10-01T00:00:00",
  "last_revision_date": "2010-10-01T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\n\u003cspan class=\"textit\"\u003eVMware ESX Console OS\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMSA-2010-0015 du 30 septembre 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html"
    }
  ]
}

CERTA-2010-AVI-138

Vulnerability from certfr_avis - Published: 2010-03-29 - Updated: 2010-03-29

Une vulnérabilité de type débordement de mémoire permet à un utilisateur distant d'effectuer un déni de service.

Description

Une vulnérabilité découverte dans Curl/LibCurl permet de créer un déni de service. La vulnérabilité n'est exploitable que si l'option de décompression automatique à été activée par l'application.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

cURL et LibCurl en versions 7.10.5 à 7.19.7 (inclus)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Curl du 9 février 2010	None	vendor-advisory
Bulletin de sécurité cURL du 9 fevrier 2010 :	-	other
Bulletin de sécurité Mandriva MDVSA-2010:062 du 19 mars 2010 :	-	other
Bulletin de sécurité Debian DSA 2023 du 28 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ecURL et LibCurl en versions 7.10.5 \u00e0  7.19.7 (inclus)\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 d\u00e9couverte dans Curl/LibCurl permet de cr\u00e9er un d\u00e9ni\nde service. La vuln\u00e9rabilit\u00e9 n\u0027est exploitable que si l\u0027option de\nd\u00e9compression automatique \u00e0 \u00e9t\u00e9 activ\u00e9e par l\u0027application.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    }
  ],
  "initial_release_date": "2010-03-29T00:00:00",
  "last_revision_date": "2010-03-29T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 cURL du 9 fevrier 2010 :",
      "url": "http://cuCurl.haxx.se/docs/adv_20100209.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:062 du 19 mars    2010 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2023 du 28 mars 2010 :",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    }
  ],
  "reference": "CERTA-2010-AVI-138",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire permet \u00e0 un utilisateur\ndistant d\u0027effectuer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans cURL/LibCurl",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Curl du 9 f\u00e9vrier 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-265

Vulnerability from certfr_avis - Published: 2010-06-16 - Updated: 2010-06-16

De multiples vulnérabilité ont été découvertes dans Mac OS X. L'exploitation de ces vulnérabilités permet de réaliser un grand nombre d'actions malveillantes.

Description

Ces vulnérabilités touchent de nombreux logiciels faisant partis du système Mac OS X. Elles permettent à une personne malveillante de réaliser un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mac OS X 10.6 (Snow Leopard) versions antérieures à 10.6.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 15 juin 2010	None	vendor-advisory
Bulletin de sécurité Apple HT4188 du 15 juin 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eMac OS X 10.6 (Snow Leopard) versions  ant\u00e9rieures \u00e0 10.6.4.\u003c/p\u003e",
  "content": "## Description\n\nCes vuln\u00e9rabilit\u00e9s touchent de nombreux logiciels faisant partis du\nsyst\u00e8me Mac OS X. Elles permettent \u00e0 une personne malveillante de\nr\u00e9aliser un grand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1578"
    },
    {
      "name": "CVE-2010-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0540"
    },
    {
      "name": "CVE-2010-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1380"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2010-0283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0283"
    },
    {
      "name": "CVE-2010-1374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1374"
    },
    {
      "name": "CVE-2009-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1580"
    },
    {
      "name": "CVE-2010-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0543"
    },
    {
      "name": "CVE-2010-0546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0546"
    },
    {
      "name": "CVE-2010-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0545"
    },
    {
      "name": "CVE-2009-1581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1581"
    },
    {
      "name": "CVE-2010-1748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1748"
    },
    {
      "name": "CVE-2009-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1579"
    },
    {
      "name": "CVE-2009-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2964"
    },
    {
      "name": "CVE-2010-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0186"
    },
    {
      "name": "CVE-2010-0302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0302"
    },
    {
      "name": "CVE-2010-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1320"
    },
    {
      "name": "CVE-2010-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1379"
    },
    {
      "name": "CVE-2010-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1382"
    },
    {
      "name": "CVE-2010-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1377"
    },
    {
      "name": "CVE-2010-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0541"
    },
    {
      "name": "CVE-2010-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1375"
    },
    {
      "name": "CVE-2010-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0187"
    },
    {
      "name": "CVE-2010-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1376"
    },
    {
      "name": "CVE-2010-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
    },
    {
      "name": "CVE-2010-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1381"
    },
    {
      "name": "CVE-2010-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1373"
    },
    {
      "name": "CVE-2009-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4212"
    },
    {
      "name": "CVE-2009-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1382"
    }
  ],
  "initial_release_date": "2010-06-16T00:00:00",
  "last_revision_date": "2010-06-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4188 du 15 juin 2010 :",
      "url": "http://support.apple.com/kb/HT4188"
    }
  ],
  "reference": "CERTA-2010-AVI-265",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans Mac OS X.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 15 juin 2010",
      "url": null
    }
  ]
}

CERTA-2012-AVI-218

Vulnerability from certfr_avis - Published: 2012-04-18 - Updated: 2012-04-18

De multiples vulnérabilités ont été corrigées dans HP System Management Homepage. Leur exploitation permet, entre autres, d'exécuter du code arbitraire à distance et de réaliser des dénis de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP System Management Homepage versions antérieures à 7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03280632 du 16 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eHP System Management Homepage\u003c/SPAN\u003e  versions ant\u00e9rieures \u00e0 7.0.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2011-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2011-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
    },
    {
      "name": "CVE-2010-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623"
    },
    {
      "name": "CVE-2011-3182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3182"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2010-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2791"
    },
    {
      "name": "CVE-2011-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3268"
    },
    {
      "name": "CVE-2012-0135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0135"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2011-3267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3267"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
    },
    {
      "name": "CVE-2011-1467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-1993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1993"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3207"
    },
    {
      "name": "CVE-2011-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
    },
    {
      "name": "CVE-2011-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
    },
    {
      "name": "CVE-2011-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-1945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1945"
    },
    {
      "name": "CVE-2011-1928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1928"
    },
    {
      "name": "CVE-2011-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3846"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
    },
    {
      "name": "CVE-2011-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
    },
    {
      "name": "CVE-2011-3189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3189"
    }
  ],
  "initial_release_date": "2012-04-18T00:00:00",
  "last_revision_date": "2012-04-18T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-218",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP System Management Homepage\u003c/span\u003e. Leur exploitation\npermet, entre autres, d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance et de\nr\u00e9aliser des d\u00e9nis de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03280632 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632"
    }
  ]
}

FKIE_CVE-2010-0734

Vulnerability from fkie_nvd - Published: 2010-03-19 19:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://curl.haxx.se/docs/adv_20100209.html	Vendor Advisory
secalert@redhat.com	http://curl.haxx.se/docs/security.html#20100209	Vendor Advisory
secalert@redhat.com	http://curl.haxx.se/libcurl-contentencoding.patch	Patch
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
secalert@redhat.com	http://secunia.com/advisories/38843
secalert@redhat.com	http://secunia.com/advisories/38981
secalert@redhat.com	http://secunia.com/advisories/39087
secalert@redhat.com	http://secunia.com/advisories/39734
secalert@redhat.com	http://secunia.com/advisories/40220
secalert@redhat.com	http://secunia.com/advisories/45047
secalert@redhat.com	http://secunia.com/advisories/48256
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201203-02.xml
secalert@redhat.com	http://support.apple.com/kb/HT4188
secalert@redhat.com	http://support.avaya.com/css/P8/documents/100081819
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2010-0072
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2023
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/02/09/5	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/03/09/1	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/03/16/11	Patch
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0329.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/514490/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1158-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0571
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0602
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0660
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0725
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1481
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=563220
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20100209.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/security.html#20100209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/libcurl-contentencoding.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38843
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38981
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39087
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39734
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40220
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45047
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48256
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201203-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4188
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100081819
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2010-0072
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2023
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:062
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/02/09/5	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/03/09/1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/03/16/11	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0329.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514490/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1158-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0571
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0602
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0660
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0725
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1481
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=563220
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756

Impacted products

Vendor	Product	Version
curl	libcurl	7.10.5
curl	libcurl	7.10.6
curl	libcurl	7.10.7
curl	libcurl	7.10.8
curl	libcurl	7.11.0
curl	libcurl	7.11.1
curl	libcurl	7.11.2
curl	libcurl	7.12
curl	libcurl	7.12.0
curl	libcurl	7.12.1
curl	libcurl	7.12.2
curl	libcurl	7.12.3
curl	libcurl	7.13
curl	libcurl	7.13.1
curl	libcurl	7.13.2
curl	libcurl	7.14
curl	libcurl	7.14.1
curl	libcurl	7.15
curl	libcurl	7.15.1
curl	libcurl	7.15.2
curl	libcurl	7.15.3
curl	libcurl	7.16.3
curl	libcurl	7.17.0
curl	libcurl	7.17.1
curl	libcurl	7.18.0
curl	libcurl	7.18.1
curl	libcurl	7.18.2
curl	libcurl	7.19.0
curl	libcurl	7.19.1
curl	libcurl	7.19.2
curl	libcurl	7.19.3
curl	libcurl	7.19.4
curl	libcurl	7.19.5
curl	libcurl	7.19.6
curl	libcurl	7.19.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D703855E-6610-445D-B498-61CE1C763A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7B64A2-6779-4A01-9864-902E2C04B08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07B1635-6F28-4ED4-A2AC-CD7E9549C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA4392F-2582-4EFE-9450-3F12588BE981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E91EAD-3813-498B-9B5C-05F1DCF75D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDDBC13-1646-490B-B778-DBD3BB3208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B87F05D-C077-4929-8BBA-A7287A816470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA22553-089B-44D2-B545-82F7AED74E25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "295EE8FF-18BD-4F67-9045-83A5693AB783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "249C50ED-B681-4DFB-83CD-625D703CD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F060A3-FC8E-45CD-85AB-247D13A2896C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14BB81D-841D-456C-9CAE-CC679FFAB5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBA081D-AB88-4895-8495-6B51EB6B5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F6B4C1-B88F-4675-BAB7-66A4DFAC17AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44CE5AD-27B6-45EB-A0B8-CF9BDB31F0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63984E6B-54EF-4DD6-8A5B-DD16A9A6A4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C5A868-2EC9-4FC6-A074-E587A203A350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54613E59-4583-405C-9BA3-609D47B9FFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07436E22-446B-4041-B201-843FC2A9B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "59223E78-F55B-46BE-AD1B-176B441BC412",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
    },
    {
      "lang": "es",
      "value": "content_encoding.c en libcurl v7.10.5 hasta v7.19.7, cuando zlib est\u00e1 habilitado, no restringe adecuadamente la cantidad de datos de llamadas devueltas, enviadas a una aplicaci\u00f3n que descomprime automaticamente las peticiones, lo que podr\u00eda permitir a un atacante remoto provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o tener o tro impacto sin especificar mediante el env\u00edo de datos comprimidos manipulados a una aplicaci\u00f3n que se basa en el l\u00edmite destinado data-length."
    }
  ],
  "id": "CVE-2010-0734",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-19T19:30:00.577",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20100209.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/security.html#20100209"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38981"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39734"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/css/P8/documents/100081819"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0571"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0660"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0725"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20100209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/security.html#20100209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100081819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-0734

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0734

Aliases

CVE-2010-0734

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0734",
    "description": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.",
    "id": "GSD-2010-0734",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-0734.html",
      "https://www.debian.org/security/2010/dsa-2023",
      "https://access.redhat.com/errata/RHSA-2010:0329",
      "https://access.redhat.com/errata/RHSA-2010:0273",
      "https://linux.oracle.com/cve/CVE-2010-0734.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0734"
      ],
      "details": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.",
      "id": "GSD-2010-0734",
      "modified": "2023-12-13T01:21:28.931794Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-0734",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "http://secunia.com/advisories/40220",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "http://support.apple.com/kb/HT4188",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/1481",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "http://secunia.com/advisories/48256",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-201203-02.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "http://secunia.com/advisories/45047",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1158-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20100209.html",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/docs/adv_20100209.html"
          },
          {
            "name": "http://curl.haxx.se/docs/security.html#20100209",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/docs/security.html#20100209"
          },
          {
            "name": "http://curl.haxx.se/libcurl-contentencoding.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
          },
          {
            "name": "http://secunia.com/advisories/38843",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38843"
          },
          {
            "name": "http://secunia.com/advisories/38981",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38981"
          },
          {
            "name": "http://secunia.com/advisories/39087",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/39087"
          },
          {
            "name": "http://secunia.com/advisories/39734",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/39734"
          },
          {
            "name": "http://support.avaya.com/css/P8/documents/100081819",
            "refsource": "MISC",
            "url": "http://support.avaya.com/css/P8/documents/100081819"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0072",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2023",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2023"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/02/09/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/03/09/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/03/16/11",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2010-0329.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/514490/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0571",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0571"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0602",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0602"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0660",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0660"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0725",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0725"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=563220",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-0734"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
            },
            {
              "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=563220",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
            },
            {
              "name": "http://curl.haxx.se/libcurl-contentencoding.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20100209.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/adv_20100209.html"
            },
            {
              "name": "http://curl.haxx.se/docs/security.html#20100209",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/security.html#20100209"
            },
            {
              "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
            },
            {
              "name": "38843",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38843"
            },
            {
              "name": "FEDORA-2010-2720",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
            },
            {
              "name": "ADV-2010-0602",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0602"
            },
            {
              "name": "38981",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38981"
            },
            {
              "name": "FEDORA-2010-2762",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
            },
            {
              "name": "ADV-2010-0571",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0571"
            },
            {
              "name": "MDVSA-2010:062",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
            },
            {
              "name": "ADV-2010-0725",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0725"
            },
            {
              "name": "ADV-2010-0660",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0660"
            },
            {
              "name": "DSA-2023",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2023"
            },
            {
              "name": "39087",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39087"
            },
            {
              "name": "39734",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39734"
            },
            {
              "name": "RHSA-2010:0329",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100081819",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/css/P8/documents/100081819"
            },
            {
              "name": "40220",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/40220"
            },
            {
              "name": "APPLE-SA-2010-06-15-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
            },
            {
              "name": "ADV-2010-1481",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/1481"
            },
            {
              "name": "http://support.apple.com/kb/HT4188",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4188"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0072",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "USN-1158-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1158-1"
            },
            {
              "name": "45047",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45047"
            },
            {
              "name": "oval:org.mitre.oval:def:6756",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
            },
            {
              "name": "oval:org.mitre.oval:def:10760",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
            },
            {
              "name": "GLSA-201203-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
            },
            {
              "name": "48256",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48256"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "20101027 rPSA-2010-0072-1 curl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:53Z",
      "publishedDate": "2010-03-19T19:30Z"
    }
  }
}

GHSA-65FC-R6MJ-6V9J

Vulnerability from github – Published: 2022-05-02 06:15 – Updated: 2022-05-02 06:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0734"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-19T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.",
  "id": "GHSA-65fc-r6mj-6v9j",
  "modified": "2022-05-02T06:15:13Z",
  "published": "2022-05-02T06:15:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0734"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20100209.html"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/security.html#20100209"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38843"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38981"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39087"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39734"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48256"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100081819"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2023"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0571"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0602"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0660"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0725"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0734 (GCVE-0-2010-0734)

CERTA-2010-AVI-461

Description

Solution

CERTA-2010-AVI-138

Description

Solution

CERTA-2010-AVI-265

Description

Solution

CERTA-2012-AVI-218

Solution

FKIE_CVE-2010-0734

GSD-2010-0734

GHSA-65FC-R6MJ-6V9J

Tags

Sightings

Nomenclature