CVE-2013-2174

medium
Published 2013-07-31 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-2174

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://curl.haxx.se/docs/adv_20130622.html

OS impact

OS | Version | Status | Fixed in
debian debian | bookworm | fixed | 7.31.0-1
debian debian | bullseye | fixed | 7.31.0-1
debian debian | forky | fixed | 7.31.0-1
debian debian | sid | fixed | 7.31.0-1
debian debian | trixie | fixed | 7.31.0-1
ubuntu ubuntu | 10.04 | affected |
ubuntu ubuntu | 12.04 | affected |
ubuntu ubuntu | 12.10 | affected |
ubuntu ubuntu | 13.04 | affected |
suse suse | 11.4 | affected |
redhat rhel | 5 | affected |
redhat rhel | 6.0 | affected |

Application impact

Vendor | Product | Versions | Fixed
haxx | curl | 7.7 |
haxx | curl | 7.7.1 |
haxx | curl | 7.7.2 |
haxx | curl | 7.7.3 |
haxx | curl | 7.8 |
haxx | curl | 7.8.1 |
haxx | curl | 7.9 |
haxx | curl | 7.9.1 |
haxx | curl | 7.9.2 |
haxx | curl | 7.9.3 |
haxx | curl | 7.9.4 |
haxx | curl | 7.9.5 |
haxx | curl | 7.9.6 |
haxx | curl | 7.9.7 |
haxx | curl | 7.9.8 |
haxx | curl | 7.10 |
haxx | curl | 7.10.1 |
haxx | curl | 7.10.2 |
haxx | curl | 7.10.3 |
haxx | curl | 7.10.4 |
haxx | curl | 7.10.5 |
haxx | curl | 7.10.6 |
haxx | curl | 7.10.7 |
haxx | curl | 7.10.8 |
haxx | curl | 7.11.0 |
haxx | curl | 7.11.1 |
haxx | curl | 7.11.2 |
haxx | curl | 7.12.0 |
haxx | curl | 7.12.1 |
haxx | curl | 7.12.2 |
haxx | curl | 7.12.3 |
haxx | curl | 7.13.0 |
haxx | curl | 7.13.1 |
haxx | curl | 7.13.2 |
haxx | curl | 7.14.0 |
haxx | curl | 7.14.1 |
haxx | curl | 7.15.0 |
haxx | curl | 7.15.1 |
haxx | curl | 7.15.2 |
haxx | curl | 7.15.3 |
haxx | curl | 7.15.4 |
haxx | curl | 7.15.5 |
haxx | curl | 7.16.0 |
haxx | curl | 7.16.1 |
haxx | curl | 7.16.2 |
haxx | curl | 7.16.3 |
haxx | curl | 7.16.4 |
haxx | curl | 7.17.0 |
haxx | curl | 7.17.1 |
haxx | curl | 7.18.0 |
haxx | curl | 7.18.1 |
haxx | curl | 7.18.2 |
haxx | curl | 7.19.0 |
haxx | curl | 7.19.1 |
haxx | curl | 7.19.2 |
haxx | curl | 7.19.3 |
haxx | curl | 7.19.4 |
haxx | curl | 7.19.5 |
haxx | curl | 7.19.6 |
haxx | curl | 7.19.7 |
haxx | curl | 7.20.0 |
haxx | curl | 7.20.1 |
haxx | curl | 7.21.0 |
haxx | curl | 7.21.1 |
haxx | curl | 7.21.2 |
haxx | curl | 7.21.3 |
haxx | curl | 7.21.4 |
haxx | curl | 7.21.5 |
haxx | curl | 7.21.6 |
haxx | curl | 7.21.7 |
haxx | curl | 7.22.0 |
haxx | curl | 7.23.0 |
haxx | curl | 7.23.1 |
haxx | curl | 7.24.0 |
haxx | curl | 7.25.0 |
haxx | curl | 7.26.0 |
haxx | curl | 7.27.0 |
haxx | curl | 7.28.0 |
haxx | curl | 7.28.1 |
haxx | curl | 7.29.0 |
haxx | curl | 7.30.0 |
haxx | libcurl | 7.7 |
haxx | libcurl | 7.7.1 |
haxx | libcurl | 7.7.2 |
haxx | libcurl | 7.7.3 |
haxx | libcurl | 7.8 |
haxx | libcurl | 7.8.1 |
haxx | libcurl | 7.9 |
haxx | libcurl | 7.9.1 |
haxx | libcurl | 7.9.2 |
haxx | libcurl | 7.9.3 |
haxx | libcurl | 7.9.4 |
haxx | libcurl | 7.9.5 |
haxx | libcurl | 7.9.6 |
haxx | libcurl | 7.9.7 |
haxx | libcurl | 7.9.8 |
haxx | libcurl | 7.10 |
haxx | libcurl | 7.10.1 |
haxx | libcurl | 7.10.2 |
haxx | libcurl | 7.10.3 |
haxx | libcurl | 7.10.4 |
haxx | libcurl | 7.10.5 |
haxx | libcurl | 7.10.6 |
haxx | libcurl | 7.10.7 |
haxx | libcurl | 7.10.8 |
haxx | libcurl | 7.11.0 |
haxx | libcurl | 7.11.1 |
haxx | libcurl | 7.11.2 |
haxx | libcurl | 7.12.0 |
haxx | libcurl | 7.12.1 |
haxx | libcurl | 7.12.2 |
haxx | libcurl | 7.12.3 |
haxx | libcurl | 7.13.0 |
haxx | libcurl | 7.13.1 |
haxx | libcurl | 7.13.2 |
haxx | libcurl | 7.14.0 |
haxx | libcurl | 7.14.1 |
haxx | libcurl | 7.15.0 |
haxx | libcurl | 7.15.1 |
haxx | libcurl | 7.15.2 |
haxx | libcurl | 7.15.3 |
haxx | libcurl | 7.15.4 |
haxx | libcurl | 7.15.5 |
haxx | libcurl | 7.16.0 |
haxx | libcurl | 7.16.1 |
haxx | libcurl | 7.16.2 |
haxx | libcurl | 7.16.3 |
haxx | libcurl | 7.16.4 |
haxx | libcurl | 7.17.0 |
haxx | libcurl | 7.17.1 |
haxx | libcurl | 7.18.0 |
haxx | libcurl | 7.18.1 |
haxx | libcurl | 7.18.2 |
haxx | libcurl | 7.19.0 |
haxx | libcurl | 7.19.1 |
haxx | libcurl | 7.19.2 |
haxx | libcurl | 7.19.3 |
haxx | libcurl | 7.19.4 |
haxx | libcurl | 7.19.5 |
haxx | libcurl | 7.19.6 |
haxx | libcurl | 7.19.7 |
haxx | libcurl | 7.20.0 |
haxx | libcurl | 7.20.1 |
haxx | libcurl | 7.21.0 |
haxx | libcurl | 7.21.1 |
haxx | libcurl | 7.21.2 |
haxx | libcurl | 7.21.3 |
haxx | libcurl | 7.21.4 |
haxx | libcurl | 7.21.5 |
haxx | libcurl | 7.21.6 |
haxx | libcurl | 7.21.7 |
haxx | libcurl | 7.22.0 |
haxx | libcurl | 7.23.0 |
haxx | libcurl | 7.23.1 |
haxx | libcurl | 7.24.0 |
haxx | libcurl | 7.25.0 |
haxx | libcurl | 7.26.0 |
haxx | libcurl | 7.27.0 |
haxx | libcurl | 7.28.0 |
haxx | libcurl | 7.28.1 |
haxx | libcurl | 7.29.0 |
haxx | libcurl | 7.30.0 |

References

CWEs

CWE-119
