PublicDateAtUSN: 2013-06-24
Candidate: CVE-2013-2174
PublicDate: 2013-07-31 13:20:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
 http://curl.haxx.se/docs/adv_20130622.html
 https://ubuntu.com/security/notices/USN-1894-1
Description:
 Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Timo Sirainen
Assigned-to: mdeslaur
CVSS:

Patches_curl:
 upstream: http://curl.haxx.se/libcurl-unescape.patch
 upstream: https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737
 upstream: https://github.com/bagder/curl/commit/0de7249bb39a2738a277c438b2bb1252ab8243cd (test)
 upstream: https://github.com/bagder/curl/commit/6fab0bd9f163430254259f6b7d5c75b5452257d3 (test fix)
upstream_curl: released (7.31.0-1)
lucid_curl: released (7.19.7-1ubuntu1.3)
precise_curl: released (7.22.0-3ubuntu4.2)
quantal_curl: released (7.27.0-1ubuntu1.3)
raring_curl: released (7.29.0-1ubuntu3.1)
devel_curl: not-affected (7.31.0-1ubuntu1)