DEBIAN-CVE-2013-0249

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2013-0249

Published: 08 Mar 2013, 22:55

Last modified:28 Apr 2026, 20:12

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Mar 2013, 22:55

Published

Vulnerability first disclosed

28 Apr 2026, 20:12

Last Modified

Vulnerability information updated

Description

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.

Affected Systems

debian•curl
< 7.29.0-1 | < 7.29.0-1 | < 7.29.0-1 | < 7.29.0-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2013-0249