Security vulnerabilities and automated fixes for libcurl issues
A high-severity heap buffer overflow vulnerability was discovered and patched in `uri.c`, where a libcurl write callback copied received data into a fixed-size buffer without verifying the total size wouldn't exceed its allocated capacity. Because the affected code runs against attacker-controlled remote endpoints, a malicious server could send oversized responses to corrupt heap memory and potentially execute arbitrary code. The fix introduces a proper buffer-length check before the `memcpy` ca
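The pattern the summary describes, shown as an added example rather than the project's own `uri.c` code: a libcurl-style write callback that accumulates a response body into a fixed-size buffer, first in the vulnerable form (unconditional `memcpy`) and then with the length check that the fix adds. The `struct resp_buf`, the `RESP_CAP` size, and the `deliver()` helper that plays the role of libcurl handing chunks to the callback are assumptions for illustration; the callback signature and the rule that libcurl aborts the transfer with `CURLE_WRITE_ERROR` when the callback returns anything other than `size * nmemb` are libcurl's documented behaviour. The hardened version fails closed: an oversized response aborts the transfer instead of being truncated or written past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size accumulator for a response body (an assumption;
 * the real uri.c struct and its capacity are not shown on the page). */
#define RESP_CAP 256

struct resp_buf {
    char   data[RESP_CAP];
    size_t len;           /* bytes of data[] currently in use */
};

/* VULNERABLE form: every chunk libcurl delivers is copied without checking
 * that it fits. A malicious server only has to send more than RESP_CAP
 * bytes to write past data[] and corrupt whatever follows it on the heap. */
size_t write_cb_vulnerable(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct resp_buf *rb = userdata;
    size_t n = size * nmemb;
    memcpy(rb->data + rb->len, ptr, n);   /* no bounds check */
    rb->len += n;
    return n;
}

/* FIXED form: refuse the chunk unless it fits in the remaining capacity.
 * Returning a value other than size*nmemb makes libcurl stop the transfer
 * and report CURLE_WRITE_ERROR, so an oversized response fails closed. */
size_t write_cb_fixed(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct resp_buf *rb = userdata;
    if (size != 0 && nmemb > SIZE_MAX / size)   /* size*nmemb would wrap */
        return 0;
    size_t n = size * nmemb;
    if (n > RESP_CAP - rb->len)   /* subtraction form: rb->len + n cannot wrap */
        return 0;
    memcpy(rb->data + rb->len, ptr, n);
    rb->len += n;
    return n;
}

typedef size_t (*write_cb_t)(char *, size_t, size_t, void *);

/* Stand-in for libcurl (assumption, no network): delivers `total` bytes of a
 * constructed attacker-controlled body in chunks of `chunk` bytes. Returns 1
 * if every chunk was accepted, 0 if the callback signalled an error, which is
 * the point at which libcurl would abort the transfer. libcurl always passes
 * size == 1, so the simulation does the same. */
int deliver(write_cb_t cb, struct resp_buf *rb, size_t total, size_t chunk)
{
    static char payload[1024];
    memset(payload, 'A', sizeof payload);   /* constructed response body */
    if (total > sizeof payload || chunk == 0)
        return 0;
    for (size_t off = 0; off < total; off += chunk) {
        size_t n = (total - off < chunk) ? total - off : chunk;
        if (cb(payload + off, 1, n, rb) != n)
            return 0;
    }
    return 1;
}

int main(void)
{
    struct resp_buf ok = {{0}, 0}, big = {{0}, 0};
    /* A body that fits is accepted in full; one that does not is rejected at
     * the first chunk that would overflow, leaving len at the bytes kept. */
    printf("256-byte body accepted: %d (len=%zu)\n", deliver(write_cb_fixed, &ok, 256, 100), ok.len);
    printf("300-byte body accepted: %d (len=%zu)\n", deliver(write_cb_fixed, &big, 300, 100), big.len);
    /* write_cb_vulnerable is deliberately not driven with 300 bytes here:
     * that is the heap overflow itself. */
    return 0;
}
```

Two details matter beyond the obvious `n <= remaining` test: the check is written as `n > RESP_CAP - rb->len` so that `rb->len + n` can never wrap around `size_t`, and `size * nmemb` is guarded against overflow even though libcurl currently passes `size == 1`, because the callback should not depend on that. Silent truncation (copying only what fits and returning `n`) would also avoid the overflow, but it hands the caller a body that differs from what the server sent, which is usually worse than a clean `CURLE_WRITE_ERROR`.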