CVE-2025-0725

一、漏洞信息
漏洞编号：[CVE-2025-0725](https://nvd.nist.gov/vuln/detail/CVE-2025-0725)
漏洞归属组件：curl, https://gitee.com/opengauss/security
漏洞归属的版本：7.78.0
CVSS分值：
&emsp;BaseScore： N/A None
&emsp;Vector： N/A

漏洞简述：
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.

漏洞公开时间：N/A
漏洞创建时间：2025-02-05 18:41:47
漏洞详情参考链接：
[https://nvd.nist.gov/vuln/detail/CVE-2025-0725](https://nvd.nist.gov/vuln/detail/CVE-2025-0725)
漏洞分析指导链接：
[https://gitee.com/opengauss/security/blob/master/cve/manual.md](https://gitee.com/opengauss/security/blob/master/cve/manual.md)
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：
Whenlibcurlisaskedtoperformautomaticgzipdecompressionof
content-encodedHTTPresponseswiththeCURLOPT_ACCEPT_ENCODINGoption,
usingzlib1.2.0.3orolder,anattacker-controlledintegeroverflowwould
makelibcurlperformabufferoverflow.

漏洞评分(openGauss评分):
&emsp;BaseScore： 1.0
&emsp;Vector： AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

受影响版本排查(受影响/不受影响)：
1.master:受影响

openGauss/security

内容风险标识

评论 (6)

openGauss/security .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-0725

评论 (6)

搜索帮助

openGauss/security