Critical vulnerability in cURL library allow remote code execution attacks

A critical buffer overflow vulnerability patched this week in the widely used open-source cURL library (libcurl) has the potential to expose a large number of applications and systems to remote code execution attacks. The vulnerability can be exploited when a program that uses libcurl or the cURL command line tool communicates with a malicious server over the POP3, SMTP or IMAP protocols, the cURL developers said Wednesday in a security advisory. The flaw is located in the libcurl function that handles SASL DIGEST-MD5 authentication and affects versions 7.26.0 to 7.28.1 of the library.