CVE-2006-1061
EPSS 3.8%
Description
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
How to fix CVE-2006-1061
To remediate CVE-2006-1061, upgrade the affected package to a fixed version below.
- Debian/curl—upgrade to 7.15.3-1 or later
Is CVE-2006-1061 being exploited?
Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.15.3-1