CVE ID:	CVE-2010-0734
Description:	content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Test IDs:	1.3.6.1.4.1.25623.1.0.67083   1.3.6.1.4.1.25623.1.0.67167   1.3.6.1.4.1.25623.1.0.67287   1.3.6.1.4.1.25623.1.0.122376   1.3.6.1.4.1.25623.1.0.861776   1.3.6.1.4.1.25623.1.0.861773   1.3.6.1.4.1.25623.1.0.67208   1.3.6.1.4.1.25623.1.0.67166   1.3.6.1.4.1.25623.1.0.67299
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0734 20101027 rPSA-2010-0072-1 curl http://www.securityfocus.com/archive/1/514490/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 38843 http://secunia.com/advisories/38843 38981 http://secunia.com/advisories/38981 39087 http://secunia.com/advisories/39087 39734 http://secunia.com/advisories/39734 40220 http://secunia.com/advisories/40220 45047 http://secunia.com/advisories/45047 48256 http://secunia.com/advisories/48256 ADV-2010-0571 http://www.vupen.com/english/advisories/2010/0571 ADV-2010-0602 http://www.vupen.com/english/advisories/2010/0602 ADV-2010-0660 http://www.vupen.com/english/advisories/2010/0660 ADV-2010-0725 http://www.vupen.com/english/advisories/2010/0725 ADV-2010-1481 http://www.vupen.com/english/advisories/2010/1481 APPLE-SA-2010-06-15-1 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html DSA-2023 http://www.debian.org/security/2010/dsa-2023 FEDORA-2010-2720 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html FEDORA-2010-2762 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html GLSA-201203-02 http://security.gentoo.org/glsa/glsa-201203-02.xml MDVSA-2010:062 http://www.mandriva.com/security/advisories?name=MDVSA-2010:062 RHSA-2010:0329 http://www.redhat.com/support/errata/RHSA-2010-0329.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 [oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/02/09/5 [oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/03/09/1 [oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/03/16/11 http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/libcurl-contentencoding.patch http://curl.haxx.se/libcurl-contentencoding.patch http://support.apple.com/kb/HT4188 http://support.apple.com/kb/HT4188 http://support.avaya.com/css/P8/documents/100081819 http://support.avaya.com/css/P8/documents/100081819 http://wiki.rpath.com/Advisories:rPSA-2010-0072 http://wiki.rpath.com/Advisories:rPSA-2010-0072 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=563220 https://bugzilla.redhat.com/show_bug.cgi?id=563220 oval:org.mitre.oval:def:10760 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760 oval:org.mitre.oval:def:6756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756