Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:21195

Version

Class

patch

ALTXid

37306

Language

English

Severity

NotAvailable

Title

RHSA-2013:0983: curl security update (Moderate)

Description

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Family

unix

Platform

Product

curl

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2014-01-09T13:03:25 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2014-01-10T12:58:03.074-05:00 : status_change DRAFT
- 2014-01-27T04:01:15.083-05:00 : status_change INTERIM
- 2014-02-17T04:01:30.187-05:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2013:0983-00

CESA: CESA-2013:0983
CESA: CESA-2013:0983

Id: CESA-2013:0983

CVE: CVE-2013-2174

Criteria

Expand All

Collapse All

AND

Operation system section

OR	Redhat 6 or Centos 6 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:20273) The operating system installed on the system is Red Hat Enterprise Linux 6

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16337) The operating system installed on the system is CentOS Linux 6.x

OR Packages section
- CRITERION curl is earlier than 0:7.19.7-37.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91403) check=at least one, check_existence=at_least_one_exists, comment=curl is earlier than 0:7.19.7-37.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14575)
      name curl
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25107)
      evr datatype=evr_string | operation=less than | value=0:7.19.7-37.el6_4
- CRITERION libcurl-devel is earlier than 0:7.19.7-37.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91169) check=at least one, check_existence=at_least_one_exists, comment=libcurl-devel is earlier than 0:7.19.7-37.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:28736)
      name libcurl-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25107)
      evr datatype=evr_string | operation=less than | value=0:7.19.7-37.el6_4
- CRITERION libcurl is earlier than 0:7.19.7-37.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91055) check=at least one, check_existence=at_least_one_exists, comment=libcurl is earlier than 0:7.19.7-37.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:28912)
      name libcurl
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25107)
      evr datatype=evr_string | operation=less than | value=0:7.19.7-37.el6_4

AND

Operation system section

OR	Redhat 5 or Centos 5 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

OR Packages section
- CRITERION curl is earlier than 0:7.15.5-17.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91095) check=at least one, check_existence=at_least_one_exists, comment=curl is earlier than 0:7.15.5-17.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14575)
      name curl
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26079)
      evr datatype=evr_string | operation=less than | value=0:7.15.5-17.el5_9
- CRITERION curl-devel is earlier than 0:7.15.5-17.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91111) check=at least one, check_existence=at_least_one_exists, comment=curl-devel is earlier than 0:7.15.5-17.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14469)
      name curl-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26079)
      evr datatype=evr_string | operation=less than | value=0:7.15.5-17.el5_9


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL