56b0667406
Fixes the following security issue: CVE-2023-38039: HTTP headers eat all memory When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of headers to a client and eventually cause curl to run out of heap memory. https://curl.se/docs/CVE-2023-38039.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| libcurl.hash | ||
| libcurl.mk | ||