{"id":"CVE-2013-2174","details":"Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.","aliases":["CURL-CVE-2013-2174"],"modified":"2026-04-16T04:32:03.024230153Z","published":"2013-07-31T13:20:25Z","related":["SUSE-SU-2015:0962-1","openSUSE-SU-2024:10303-1"],"references":[{"type":"ADVISORY","url":"http://curl.haxx.se/docs/adv_20130622.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0983.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2713"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1894-1"},{"type":"EVIDENCE","url":"https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737"},{"type":"FIX","url":"https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/60737"}],"schema_version":"1.7.5"}