Curl · Curl · CVE-2017-9502
**Name of the Vulnerable Software and Affected Versions**
curl and libcurl versions prior to 7.54.1; only Windows and DOS builds are affected, since the faulty code path handles drive-letter paths
**Description**
The flaw is in libcurl's handling of file: URLs on Windows and DOS. It is reached in two ways: when the default protocol setting (CURLOPT_DEFAULT_PROTOCOL) is FILE and the URL carries no scheme, or when a file: URL omits the two slashes after the colon and the path starts with a drive letter. In both cases libcurl copies the path using an offset that does not match the prefix actually present in the URL, so the copy runs past the end of the malloc'd destination buffer and writes seven bytes beyond it: a heap-based buffer overflow triggered purely by the shape of the URL.
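To make the mechanism concrete, the following is an added illustration and not libcurl's code. It is a hypothetical toy file: URL handler that sizes its heap buffer as if the 7-byte "file://" prefix were always present, but copies the path from wherever the prefix really ends (5 bytes for a bare "file:"), next to a corrected variant that derives the allocation size from the same offset the copy uses. The URLs, the 0xAA canary, and the scratch region standing in for the heap are constructed for this demo; the overrun it produces (two bytes) is a property of the toy, not curl's seven.

```c
/*
 * Added illustration of the CVE-2017-9502 bug class (NOT libcurl's code).
 * A toy "file:" handler sizes its buffer for one prefix length but copies
 * from the prefix that is actually present. Writes go into a caller-supplied
 * scratch region filled with a canary, so the overrun is observable instead
 * of being undefined behaviour on the real heap.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_LEN 256   /* simulated heap: large enough that the overrun lands in canary bytes */
#define CANARY 0xAA

/* Length of the scheme prefix actually present: 7 for "file://", 5 for "file:", 0 otherwise. */
static size_t file_prefix_len(const char *url)
{
    if(strncmp(url, "file://", 7) == 0)
        return 7;
    if(strncmp(url, "file:", 5) == 0)
        return 5;
    return 0;
}

/* Number of bytes at or past alloc_len that no longer hold the canary. */
static size_t count_overrun(const unsigned char *scratch, size_t alloc_len)
{
    size_t n = 0;
    for(size_t i = alloc_len; i < SCRATCH_LEN; i++)
        if(scratch[i] != CANARY)
            n++;
    return n;
}

/* Buggy variant (hypothetical): the allocation size assumes "file://" no
 * matter what the URL starts with, while the copy starts at the real offset.
 * Returns the number of bytes written beyond the simulated allocation.
 * The toy expects a file: URL of at least 7 characters that fits SCRATCH_LEN. */
static size_t buggy_copy(const char *url, unsigned char *scratch)
{
    size_t present = file_prefix_len(url);
    if(present == 0 || strlen(url) < 7 || strlen(url) + 1 > SCRATCH_LEN)
        return 0;                              /* not handled: nothing is copied */
    size_t alloc_len = strlen(url) - 7 + 1;    /* BUG: sized for the 7-byte prefix */
    const char *path = url + present;          /* ...but copied from the real one */
    memset(scratch, CANARY, SCRATCH_LEN);
    memcpy(scratch, path, strlen(path) + 1);   /* strlen(url) - present + 1 bytes */
    return count_overrun(scratch, alloc_len);  /* 7 - present bytes too many for "file:" */
}

/* Fixed variant: derive the allocation from the same offset the copy uses.
 * Returns a malloc'd copy of the path, or NULL for non-file: URLs. */
static char *fixed_copy(const char *url)
{
    size_t present = file_prefix_len(url);
    if(present == 0)
        return NULL;
    const char *path = url + present;
    size_t alloc_len = strlen(path) + 1;       /* exactly what memcpy will write */
    char *out = malloc(alloc_len);
    if(!out)
        return NULL;
    memcpy(out, path, alloc_len);
    return out;
}

int main(void)
{
    unsigned char scratch[SCRATCH_LEN];
    /* Constructed sample URLs: a normal one and a one-slash drive-letter one. */
    const char *urls[] = { "file:///tmp/x", "file:c:/dir/x" };
    for(size_t i = 0; i < sizeof(urls) / sizeof(urls[0]); i++) {
        char *p = fixed_copy(urls[i]);
        printf("%-16s buggy overrun = %zu byte(s), fixed path = %s\n",
               urls[i], buggy_copy(urls[i], scratch), p ? p : "(null)");
        free(p);
    }
    return 0;
}
```

Building the real libcurl with AddressSanitizer (-fsanitize=address) would report the same class of write as a heap-buffer-overflow at the memcpy; in the toy the canary plays that role so the demo runs without a sanitizer.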
**Recommendations**
Upgrade curl and libcurl to 7.54.1 or later. Confirm the installed version with curl --version (or curl-config --version for a linked libcurl), and remember that applications shipping their own copy of libcurl, statically linked or bundled, need to be rebuilt or updated separately. Until the upgrade is in place, two workarounds apply on Windows and DOS: do not pass file: URLs that lack the two slashes after the colon, and do not set the default protocol to FILE when URLs may start with a drive letter. Where URLs come from untrusted input, requiring an explicit scheme and rejecting one-slash file: forms before they reach libcurl avoids both trigger conditions. Builds for other platforms are not affected.