Security Advisory

CVE-2025-0725

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-05 09:18:20

Last updated 2025-06-12 16:04:29

Assigner curl

State PUBLISHED

Description

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

← Browse all CVEs View on cve.org ↗