Haxx >> Curl >> 7.64.1: Security Vulnerabilities
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVSS Score: 9.8 | EPSS Score: 0.083 | Published: 2019-09-16
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
CVSS Score: 7.8 | EPSS Score: 0.01 | Published: 2019-07-02
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2019-05-28

