PT-2019-6378 · Curl+1

Jason Lee · Published 2019-07-27 · Updated 2025-07-11

CVE-2020-19909

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: curl version 7.65.2
Description: The issue is an integer overflow in the tool_operate.c file of curl, which can occur when a large value is specified as the retry delay. If the --retry-delay value is misinterpreted as a value much smaller than intended, this may cause a denial of service to associated systems or networks. However, many parties report that this has no direct security impact on the curl user. The vulnerability may be exploited to cause a denial of service, but this is not especially plausible, as it only happens if the user was trying to specify that curl should wait weeks or longer before trying to recover from a transient error.
Recommendations: For curl version 7.65.2, consider updating to a newer version to mitigate the risk of exploitation, although the security impact of this issue is disputed. As a temporary workaround, avoid using large values for the --retry-delay option to minimize the risk of denial of service.
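The following is an added illustration, not curl's own code, of the class of defect described above: a retry delay given in seconds is scaled to milliseconds, and when the arithmetic is done in a 32-bit signed integer the product silently wraps, so a delay of weeks becomes a delay of under a second. The function names, the assumed 32-bit width of the unchecked path, and the bound-checked parser beside it are all constructed for this example.

```c
/* Added example (not curl's code): retry-delay seconds -> milliseconds,
 * first with silent 32-bit wraparound, then with an explicit bound check. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked conversion modelled in 32-bit arithmetic, the width of `long`
 * on 32-bit platforms. The multiplication is done on an unsigned value so
 * the wraparound is deterministic rather than undefined behaviour; the
 * result is then reinterpreted as the signed value the caller would see. */
int32_t retry_delay_ms_unchecked(int32_t seconds)
{
    uint32_t ms = (uint32_t)seconds * 1000u;   /* wraps modulo 2^32 */
    return (int32_t)ms;
}

/* Checked conversion: parse a decimal seconds value and scale it to
 * milliseconds, refusing anything that would exceed `max_ms` (pass the
 * largest value the destination type can hold). Returns the delay in
 * milliseconds, or -1 on malformed input, a negative value, or overflow. */
int64_t retry_delay_ms_checked(const char *arg, int64_t max_ms)
{
    char *end = NULL;
    errno = 0;
    long long seconds = strtoll(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0' || seconds < 0)
        return -1;                               /* not a non-negative number */
    if (seconds > max_ms / 1000)
        return -1;                               /* seconds * 1000 would overflow */
    return (int64_t)seconds * 1000;
}

int main(void)
{
    /* Constructed input: 4294968 seconds is roughly 49.7 days. */
    int32_t seconds = 4294968;
    printf("unchecked: %d s -> %d ms\n", seconds, retry_delay_ms_unchecked(seconds));
    printf("checked (32-bit limit): %lld\n",
           (long long)retry_delay_ms_checked("4294968", INT32_MAX));
    printf("checked (64-bit limit): %lld\n",
           (long long)retry_delay_ms_checked("4294968", INT64_MAX));
    return 0;
}
```

With a 32-bit destination the unchecked path turns 4294968 seconds into 704 milliseconds, which is the "much smaller than intended" delay the description refers to; the checked path rejects the same input against a 32-bit limit and accepts it against a 64-bit one. The bound `seconds > max_ms / 1000` is evaluated before the multiplication, so the overflow is never performed.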

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-05236
CVE-2020-19909

Affected Products

Astra Linux
Curl