You are here
libcurl SASL buffer overflow vulnerability
Submitted on 11. February 2013 - 10:14 by rischi.
Last update on 11. February 2013 - 11:30.
Last update on 11. February 2013 - 11:30.
IDs:
CVE-2013-0249
Keywords:
libcurl, buffer overflow
Description:
libcurl is vulnerable to a buffer overflow in the implementation of POP3, SMTP or IMAP protocol.
Airlock is using libcurl to communicate with HTTP(S) to back-end systems. Exploits have shown that a vulnerable back-end system could send redirects to a malicious mailserver which then performs the described buffer overflow. Since Airlock does not follow redirects from back-end systems this vulnerability does not affect Airlock. Redirects are sent to the client - an incoming POP3/SMTP/IMAP request to Airlock will be refused in any case.
Resolution:
No action is needed
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock