csaf_redhat - rhsa-2010

rhsa-2010_0273

Vulnerability from csaf_redhat

Published

2010-03-29 12:00

Modified

2024-11-22 03:08

Summary

Red Hat Security Advisory: curl security, bug fix and enhancement update

Notes

Topic

Updated curl packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734) This update also fixes the following bugs: * when using curl to upload a file, if the connection was broken or reset by the server during the transfer, curl immediately started using 100% CPU and failed to acknowledge that the transfer had failed. With this update, curl displays an appropriate error message and exits when an upload fails mid-transfer due to a broken or reset connection. (BZ#479967) * libcurl experienced a segmentation fault when attempting to reuse a connection after performing GSS-negotiate authentication, which in turn caused the curl program to crash. This update fixes this bug so that reused connections are able to be successfully established even after GSS-negotiate authentication has been performed. (BZ#517199) As well, this update adds the following enhancements: * curl now supports loading Certificate Revocation Lists (CRLs) from a Privacy Enhanced Mail (PEM) file. When curl attempts to access sites that have had their certificate revoked in a CRL, curl refuses access to those sites. (BZ#532069) * the curl(1) manual page has been updated to clarify that the "--socks4" and "--socks5" options do not work with the IPv6, FTPS, or LDAP protocols. (BZ#473128) * the curl utility's program help, which is accessed by running "curl -h", has been updated with descriptions for the "--ftp-account" and "--ftp-alternative-to-user" options. (BZ#517084) Users of curl should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running applications using libcurl must be restarted for the update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated curl packages that fix one security issue, various bugs, and add\nenhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT\nservers, using any of the supported protocols. cURL is designed to work\nwithout user interaction or any kind of interactivity.\n\nWesley Miaw discovered that when deflate compression was used, libcurl\ncould call the registered write callback function with data exceeding the\ndocumented limit. A malicious server could use this flaw to crash an\napplication using libcurl or, potentially, execute arbitrary code. Note:\nThis issue only affected applications using libcurl that rely on the\ndocumented data size limit, and that copy the data to the insufficiently\nsized buffer. (CVE-2010-0734)\n\nThis update also fixes the following bugs:\n\n* when using curl to upload a file, if the connection was broken or reset\nby the server during the transfer, curl immediately started using 100% CPU\nand failed to acknowledge that the transfer had failed. With this update,\ncurl displays an appropriate error message and exits when an upload fails\nmid-transfer due to a broken or reset connection. (BZ#479967)\n\n* libcurl experienced a segmentation fault when attempting to reuse a\nconnection after performing GSS-negotiate authentication, which in turn\ncaused the curl program to crash. This update fixes this bug so that reused\nconnections are able to be successfully established even after\nGSS-negotiate authentication has been performed. (BZ#517199)\n\nAs well, this update adds the following enhancements:\n\n* curl now supports loading Certificate Revocation Lists (CRLs) from a\nPrivacy Enhanced Mail (PEM) file. When curl attempts to access sites that\nhave had their certificate revoked in a CRL, curl refuses access to those\nsites. (BZ#532069)\n\n* the curl(1) manual page has been updated to clarify that the \"--socks4\"\nand \"--socks5\" options do not work with the IPv6, FTPS, or LDAP protocols.\n(BZ#473128)\n\n* the curl utility\u0027s program help, which is accessed by running \"curl -h\",\nhas been updated with descriptions for the \"--ftp-account\" and\n\"--ftp-alternative-to-user\" options. (BZ#517084)\n\nUsers of curl should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements. All\nrunning applications using libcurl must be restarted for the update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0273",
        "url": "https://access.redhat.com/errata/RHSA-2010:0273"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "479967",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479967"
      },
      {
        "category": "external",
        "summary": "517084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517084"
      },
      {
        "category": "external",
        "summary": "517199",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517199"
      },
      {
        "category": "external",
        "summary": "563220",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0273.json"
      }
    ],
    "title": "Red Hat Security Advisory: curl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T03:08:44+00:00",
      "generator": {
        "date": "2024-11-22T03:08:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0273",
      "initial_release_date": "2010-03-29T12:00:00+00:00",
      "revision_history": [
        {
          "date": "2010-03-29T12:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-03-29T09:21:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:08:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.x86_64",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.x86_64",
                  "product_id": "curl-devel-0:7.15.5-9.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.x86_64",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.x86_64",
                  "product_id": "curl-0:7.15.5-9.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.i386",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.i386",
                  "product_id": "curl-devel-0:7.15.5-9.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.i386",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.i386",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.i386",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.i386",
                  "product_id": "curl-0:7.15.5-9.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.src",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.src",
                  "product_id": "curl-0:7.15.5-9.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.ia64",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.ia64",
                  "product_id": "curl-devel-0:7.15.5-9.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.ia64",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.ia64",
                  "product_id": "curl-0:7.15.5-9.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.ia64",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.ia64",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.ppc64",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.ppc64",
                  "product_id": "curl-devel-0:7.15.5-9.el5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.ppc64",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.ppc64",
                  "product_id": "curl-0:7.15.5-9.el5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.ppc",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.ppc",
                  "product_id": "curl-devel-0:7.15.5-9.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.ppc",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.ppc",
                  "product_id": "curl-0:7.15.5-9.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.ppc",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.ppc",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.s390x",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.s390x",
                  "product_id": "curl-devel-0:7.15.5-9.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.s390x",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.s390x",
                  "product_id": "curl-0:7.15.5-9.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.s390x",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.s390x",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-devel-0:7.15.5-9.el5.s390",
                "product": {
                  "name": "curl-devel-0:7.15.5-9.el5.s390",
                  "product_id": "curl-devel-0:7.15.5-9.el5.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-devel@7.15.5-9.el5?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.15.5-9.el5.s390",
                "product": {
                  "name": "curl-0:7.15.5-9.el5.s390",
                  "product_id": "curl-0:7.15.5-9.el5.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl@7.15.5-9.el5?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-debuginfo-0:7.15.5-9.el5.s390",
                "product": {
                  "name": "curl-debuginfo-0:7.15.5-9.el5.s390",
                  "product_id": "curl-debuginfo-0:7.15.5-9.el5.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/curl-debuginfo@7.15.5-9.el5?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.src"
        },
        "product_reference": "curl-0:7.15.5-9.el5.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:curl-devel-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.src"
        },
        "product_reference": "curl-0:7.15.5-9.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-debuginfo-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:curl-devel-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.src"
        },
        "product_reference": "curl-0:7.15.5-9.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-debuginfo-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-debuginfo-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-debuginfo-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.i386"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.ia64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.ppc"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.ppc64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.s390"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.s390x"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-devel-0:7.15.5-9.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:curl-devel-0:7.15.5-9.el5.x86_64"
        },
        "product_reference": "curl-devel-0:7.15.5-9.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Daniel Stenberg"
          ]
        },
        {
          "names": [
            "Wesley Miaw"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2010-0734",
      "discovery_date": "2010-01-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "563220"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:curl-0:7.15.5-9.el5.i386",
          "5Client-Workstation:curl-0:7.15.5-9.el5.ia64",
          "5Client-Workstation:curl-0:7.15.5-9.el5.ppc",
          "5Client-Workstation:curl-0:7.15.5-9.el5.ppc64",
          "5Client-Workstation:curl-0:7.15.5-9.el5.s390",
          "5Client-Workstation:curl-0:7.15.5-9.el5.s390x",
          "5Client-Workstation:curl-0:7.15.5-9.el5.src",
          "5Client-Workstation:curl-0:7.15.5-9.el5.x86_64",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.i386",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ia64",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc64",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390x",
          "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.x86_64",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.i386",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ia64",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc64",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390x",
          "5Client-Workstation:curl-devel-0:7.15.5-9.el5.x86_64",
          "5Client:curl-0:7.15.5-9.el5.i386",
          "5Client:curl-0:7.15.5-9.el5.ia64",
          "5Client:curl-0:7.15.5-9.el5.ppc",
          "5Client:curl-0:7.15.5-9.el5.ppc64",
          "5Client:curl-0:7.15.5-9.el5.s390",
          "5Client:curl-0:7.15.5-9.el5.s390x",
          "5Client:curl-0:7.15.5-9.el5.src",
          "5Client:curl-0:7.15.5-9.el5.x86_64",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.i386",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.ia64",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc64",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.s390",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.s390x",
          "5Client:curl-debuginfo-0:7.15.5-9.el5.x86_64",
          "5Client:curl-devel-0:7.15.5-9.el5.i386",
          "5Client:curl-devel-0:7.15.5-9.el5.ia64",
          "5Client:curl-devel-0:7.15.5-9.el5.ppc",
          "5Client:curl-devel-0:7.15.5-9.el5.ppc64",
          "5Client:curl-devel-0:7.15.5-9.el5.s390",
          "5Client:curl-devel-0:7.15.5-9.el5.s390x",
          "5Client:curl-devel-0:7.15.5-9.el5.x86_64",
          "5Server:curl-0:7.15.5-9.el5.i386",
          "5Server:curl-0:7.15.5-9.el5.ia64",
          "5Server:curl-0:7.15.5-9.el5.ppc",
          "5Server:curl-0:7.15.5-9.el5.ppc64",
          "5Server:curl-0:7.15.5-9.el5.s390",
          "5Server:curl-0:7.15.5-9.el5.s390x",
          "5Server:curl-0:7.15.5-9.el5.src",
          "5Server:curl-0:7.15.5-9.el5.x86_64",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.i386",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.ia64",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc64",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.s390",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.s390x",
          "5Server:curl-debuginfo-0:7.15.5-9.el5.x86_64",
          "5Server:curl-devel-0:7.15.5-9.el5.i386",
          "5Server:curl-devel-0:7.15.5-9.el5.ia64",
          "5Server:curl-devel-0:7.15.5-9.el5.ppc",
          "5Server:curl-devel-0:7.15.5-9.el5.ppc64",
          "5Server:curl-devel-0:7.15.5-9.el5.s390",
          "5Server:curl-devel-0:7.15.5-9.el5.s390x",
          "5Server:curl-devel-0:7.15.5-9.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0734"
        },
        {
          "category": "external",
          "summary": "RHBZ#563220",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0734"
        }
      ],
      "release_date": "2010-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-03-29T12:00:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:curl-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-0:7.15.5-9.el5.src",
            "5Client-Workstation:curl-0:7.15.5-9.el5.x86_64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.x86_64",
            "5Client:curl-0:7.15.5-9.el5.i386",
            "5Client:curl-0:7.15.5-9.el5.ia64",
            "5Client:curl-0:7.15.5-9.el5.ppc",
            "5Client:curl-0:7.15.5-9.el5.ppc64",
            "5Client:curl-0:7.15.5-9.el5.s390",
            "5Client:curl-0:7.15.5-9.el5.s390x",
            "5Client:curl-0:7.15.5-9.el5.src",
            "5Client:curl-0:7.15.5-9.el5.x86_64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Client:curl-devel-0:7.15.5-9.el5.i386",
            "5Client:curl-devel-0:7.15.5-9.el5.ia64",
            "5Client:curl-devel-0:7.15.5-9.el5.ppc",
            "5Client:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Client:curl-devel-0:7.15.5-9.el5.s390",
            "5Client:curl-devel-0:7.15.5-9.el5.s390x",
            "5Client:curl-devel-0:7.15.5-9.el5.x86_64",
            "5Server:curl-0:7.15.5-9.el5.i386",
            "5Server:curl-0:7.15.5-9.el5.ia64",
            "5Server:curl-0:7.15.5-9.el5.ppc",
            "5Server:curl-0:7.15.5-9.el5.ppc64",
            "5Server:curl-0:7.15.5-9.el5.s390",
            "5Server:curl-0:7.15.5-9.el5.s390x",
            "5Server:curl-0:7.15.5-9.el5.src",
            "5Server:curl-0:7.15.5-9.el5.x86_64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Server:curl-devel-0:7.15.5-9.el5.i386",
            "5Server:curl-devel-0:7.15.5-9.el5.ia64",
            "5Server:curl-devel-0:7.15.5-9.el5.ppc",
            "5Server:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Server:curl-devel-0:7.15.5-9.el5.s390",
            "5Server:curl-devel-0:7.15.5-9.el5.s390x",
            "5Server:curl-devel-0:7.15.5-9.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0273"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:curl-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-0:7.15.5-9.el5.src",
            "5Client-Workstation:curl-0:7.15.5-9.el5.x86_64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.i386",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ia64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.s390x",
            "5Client-Workstation:curl-devel-0:7.15.5-9.el5.x86_64",
            "5Client:curl-0:7.15.5-9.el5.i386",
            "5Client:curl-0:7.15.5-9.el5.ia64",
            "5Client:curl-0:7.15.5-9.el5.ppc",
            "5Client:curl-0:7.15.5-9.el5.ppc64",
            "5Client:curl-0:7.15.5-9.el5.s390",
            "5Client:curl-0:7.15.5-9.el5.s390x",
            "5Client:curl-0:7.15.5-9.el5.src",
            "5Client:curl-0:7.15.5-9.el5.x86_64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Client:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Client:curl-devel-0:7.15.5-9.el5.i386",
            "5Client:curl-devel-0:7.15.5-9.el5.ia64",
            "5Client:curl-devel-0:7.15.5-9.el5.ppc",
            "5Client:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Client:curl-devel-0:7.15.5-9.el5.s390",
            "5Client:curl-devel-0:7.15.5-9.el5.s390x",
            "5Client:curl-devel-0:7.15.5-9.el5.x86_64",
            "5Server:curl-0:7.15.5-9.el5.i386",
            "5Server:curl-0:7.15.5-9.el5.ia64",
            "5Server:curl-0:7.15.5-9.el5.ppc",
            "5Server:curl-0:7.15.5-9.el5.ppc64",
            "5Server:curl-0:7.15.5-9.el5.s390",
            "5Server:curl-0:7.15.5-9.el5.s390x",
            "5Server:curl-0:7.15.5-9.el5.src",
            "5Server:curl-0:7.15.5-9.el5.x86_64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.i386",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ia64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.ppc64",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.s390",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.s390x",
            "5Server:curl-debuginfo-0:7.15.5-9.el5.x86_64",
            "5Server:curl-devel-0:7.15.5-9.el5.i386",
            "5Server:curl-devel-0:7.15.5-9.el5.ia64",
            "5Server:curl-devel-0:7.15.5-9.el5.ppc",
            "5Server:curl-devel-0:7.15.5-9.el5.ppc64",
            "5Server:curl-devel-0:7.15.5-9.el5.s390",
            "5Server:curl-devel-0:7.15.5-9.el5.s390x",
            "5Server:curl-devel-0:7.15.5-9.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback"
    }
  ]
}

cve-2010-0734

Vulnerability from cvelistv5

Published

2010-03-19 19:00

Modified

2024-08-07 00:59

Severity ?

Summary

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

References

▼	URL	Tags
	http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.vupen.com/english/advisories/2010/0571	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/0602	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/514490/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/38843	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2010/03/09/1	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/38981	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/1481	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1158-1	vendor-advisory, x_refsource_UBUNTU
	http://curl.haxx.se/docs/adv_20100209.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0725	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2010/dsa-2023	vendor-advisory, x_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2010-0329.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760	vdb-entry, signature, x_refsource_OVAL
	http://support.apple.com/kb/HT4188	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=563220	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:062	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/40220	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201203-02.xml	vendor-advisory, x_refsource_GENTOO
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/48256	third-party-advisory, x_refsource_SECUNIA
	http://support.avaya.com/css/P8/documents/100081819	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2010/03/16/11	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39087	third-party-advisory, x_refsource_SECUNIA
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/45047	third-party-advisory, x_refsource_SECUNIA
	http://wiki.rpath.com/Advisories:rPSA-2010-0072	x_refsource_CONFIRM
	http://curl.haxx.se/libcurl-contentencoding.patch	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/39734	third-party-advisory, x_refsource_SECUNIA
	http://curl.haxx.se/docs/security.html#20100209	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0660	vdb-entry, x_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2010/02/09/5	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-06-15-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
          },
          {
            "name": "ADV-2010-0571",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0571"
          },
          {
            "name": "ADV-2010-0602",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0602"
          },
          {
            "name": "20101027 rPSA-2010-0072-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
          },
          {
            "name": "38843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38843"
          },
          {
            "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
          },
          {
            "name": "38981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38981"
          },
          {
            "name": "ADV-2010-1481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1481"
          },
          {
            "name": "USN-1158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20100209.html"
          },
          {
            "name": "ADV-2010-0725",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0725"
          },
          {
            "name": "DSA-2023",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2023"
          },
          {
            "name": "RHSA-2010:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10760",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
          },
          {
            "name": "MDVSA-2010:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
          },
          {
            "name": "40220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40220"
          },
          {
            "name": "GLSA-201203-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
          },
          {
            "name": "FEDORA-2010-2720",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
          },
          {
            "name": "FEDORA-2010-2762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
          },
          {
            "name": "48256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081819"
          },
          {
            "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
          },
          {
            "name": "39087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39087"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "45047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6756",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
          },
          {
            "name": "39734",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39734"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/security.html#20100209"
          },
          {
            "name": "ADV-2010-0660",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0660"
          },
          {
            "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-06-15-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
        },
        {
          "name": "ADV-2010-0571",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0571"
        },
        {
          "name": "ADV-2010-0602",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0602"
        },
        {
          "name": "20101027 rPSA-2010-0072-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
        },
        {
          "name": "38843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38843"
        },
        {
          "name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
        },
        {
          "name": "38981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38981"
        },
        {
          "name": "ADV-2010-1481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1481"
        },
        {
          "name": "USN-1158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1158-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20100209.html"
        },
        {
          "name": "ADV-2010-0725",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0725"
        },
        {
          "name": "DSA-2023",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2023"
        },
        {
          "name": "RHSA-2010:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10760",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
        },
        {
          "name": "MDVSA-2010:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
        },
        {
          "name": "40220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40220"
        },
        {
          "name": "GLSA-201203-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
        },
        {
          "name": "FEDORA-2010-2720",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
        },
        {
          "name": "FEDORA-2010-2762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
        },
        {
          "name": "48256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081819"
        },
        {
          "name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
        },
        {
          "name": "39087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39087"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "45047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/libcurl-contentencoding.patch"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:6756",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
        },
        {
          "name": "39734",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39734"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/security.html#20100209"
        },
        {
          "name": "ADV-2010-0660",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0660"
        },
        {
          "name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0734",
    "datePublished": "2010-03-19T19:00:00",
    "dateReserved": "2010-02-26T00:00:00",
    "dateUpdated": "2024-08-07T00:59:39.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted