A buffer boundary flaw has been found in a URL decode function of libcurl up to version 7.30.0. The affected function curl_easy_unescape() is not directly used by Airlock. Potential indirect calls (within libcurl) to the function can not be exploited because the critical parameter of the function can not be influenced by the client.
no action required.