VYPR
Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Aug 4, 2024

CVE-2020-19909

CVE-2020-19909

Description

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Curl/Curlcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =7.65.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.