Control: tags -1 confirmed On Wed, 2023-09-27 at 21:24 +0800, Carlos Henrique Lima Melara wrote: > A vulnerability was discovered and reported to Curl upstream [1] with > the following CVE ID: CVE-2023-38039. > > The description of the CVE is: > > > When curl retrieves an HTTP response, it stores the incoming > > headers so that they can be accessed later via the libcurl headers > > API. However, curl did not have a limit in how many or how large > > headers it would accept in a response, allowing a malicious server > > to stream an endless series of headers and eventually cause curl to > > run out of heap memory. >
Please go ahead. Regards, Adam
