FreeBSD: VID-9314058e-5204-11e7-b712-b1a44a034d72 (CVE-2017-9502): cURL -- URL file scheme drive letter buffer overflow
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jun 15, 2017 | Jun 16, 2017 | Dec 10, 2025 |
Description
cURL security advisory:

When libcurl is given either

1. a file: URL that doesn't use two slashes following the colon, or
2. is told that file is the default scheme to use for URLs without scheme

... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path with a wrong offset, so that the end of the given path would write beyond the malloc buffer. Up to seven bytes too much.

We are not aware of any exploit of this flaw.
Solution
freebsd-upgrade-package-curl