I recently discovered a slew of bugs in curl,
which occur in all versions I have access to,
including the latest release at time of writing (7.32.0),
and go back to at least 7.19.7.
One of the bugs can be used to crash curl
or systems using curl via exec (not libcurl);
the others cause strange or incorrect behavior.
The bugs in question are:
These have all been fixed now, first as part of a general
globbing overhaul commit, followed by a specific
URL overflow checking fix.
See the bug reports for details on the errors and example
invocations; hopefully a release fixing these issues is made soon.
These errors were encountered during my research on integer
overflows, and I’m glad the developer fixed them so quickly!
Hopefully these fixes will reach everyone in the form of a
new release soon :).