
Critical Buffer Overflow Vulnerability Discovered in cURL Cookie Parsing Mechanism

By redbell · 8mo ago · en · News

Summary

A security researcher discovered a critical stack-based buffer overflow vulnerability in cURL's cookie parsing mechanism that can lead to remote code execution. The vulnerability affects all applications using libcurl for HTTP requests when processing maliciously crafted HTTP cookies.

Key quotes

I discovered a critical stack-based buffer overflow vulnerability in cURL's cookie parsing mechanism
The vulnerability occurs when processing maliciously crafted HTTP cookies
affecting all applications that use libcurl for HTTP requests
During security research on cURL's cookie handling implementation, I identified a stack...
