cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
cURL and libcURL are prone to a buffer-overflow vulnerability. The issue is due to the library's failure to perform proper bounds checks on user-supplied data before copying it into a fixed-size buffer. It occurs when the URL parser handles an excessively long URL string with the TFTP protocol prefix 'tftp://'. An attacker can exploit this issue to crash the affected library, effectively denying service. Arbitrary code execution may also be possible, which may facilitate a compromise of the underlying system.
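
The missing check described above, in corrected form, as an added example (not libcurl's code and not part of the original advisory): a request builder that compares the file name taken from a `tftp://` URL against the remaining buffer space before copying it. The 516-byte buffer, the function names and `host.example` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PKT_MAX 516   /* assumed buffer size: 4-byte header + 512-byte data block */

/* Hypothetical helper: pack a TFTP read request (RFC 1350) for a tftp:// URL.
 * Layout: opcode(2) | filename | NUL | mode | NUL.
 * Returns the packet length, or -1 if the URL is malformed or does not fit. */
int build_tftp_rrq(const char *url, unsigned char *pkt, size_t pkt_size)
{
    static const char scheme[] = "tftp://";
    static const char mode[] = "octet";
    const size_t fixed = 2 + 1 + sizeof(mode);  /* opcode + NUL + mode incl. NUL */
    const char *path;
    size_t path_len;

    if (url == NULL || pkt == NULL || strncmp(url, scheme, sizeof(scheme) - 1) != 0)
        return -1;
    /* The file name starts after the first '/' that follows the host. */
    path = strchr(url + sizeof(scheme) - 1, '/');
    if (path == NULL || path[1] == '\0')
        return -1;
    path_len = strlen(++path);

    /* The bounds check: reject before copying. Written as a subtraction
     * so that the length arithmetic cannot wrap around. */
    if (pkt_size < fixed || path_len > pkt_size - fixed)
        return -1;
    pkt[0] = 0;
    pkt[1] = 1;                                          /* RRQ opcode */
    memcpy(pkt + 2, path, path_len + 1);                 /* filename + NUL */
    memcpy(pkt + 2 + path_len + 1, mode, sizeof(mode));  /* mode + NUL */
    return (int)(fixed + path_len);
}

/* Constructed input: a URL whose file name is n bytes of 'A'. */
int rrq_len_for_name_of(size_t n)
{
    static char url[4096];
    static const char prefix[] = "tftp://host.example/";
    unsigned char pkt[PKT_MAX];

    if (n > sizeof(url) - sizeof(prefix))
        return -1;
    memcpy(url, prefix, sizeof(prefix) - 1);
    memset(url + sizeof(prefix) - 1, 'A', n);
    url[sizeof(prefix) - 1 + n] = '\0';
    return build_tftp_rrq(url, pkt, sizeof(pkt));
}
```

With these sizes, a 507-byte file name is the longest that fits; anything longer is rejected instead of being written past the end of the buffer.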