Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-19909

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

Published

2023-08-22T19:16:06.480

Last Modified

2024-11-21T05:09:29.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	7.65.2	Yes

References

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Issue Tracking ([email protected])
https://github.com/curl/curl/pull/4166 Patch ([email protected])
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/curl/curl/pull/4166 Patch (af854a3a-2127-422b-91ae-364da2661108)