An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Buffer Overflow
Curl
NVD
CVSS 3.0
3.7
EPSS
4.9%