CVE-2020-19909

LOW

curl 7.65.2 - Integer Overflow via Large Retry Delay Value

Title source: llm

Description

Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

References (2)

Core 2

Core References

Issue Tracking

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

Patch

https://github.com/curl/curl/pull/4166

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (1)

haxx/curl 7.65.2

Published Aug 22, 2023

Tracked Since Feb 18, 2026