CVE-2015-3144
Date: (C)2015-04-24   (M)2024-04-19


The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032232
BID-74300
APPLE-SA-2015-08-13-2
DSA-3232
FEDORA-2015-6695
FEDORA-2015-6728
FEDORA-2015-6853
FEDORA-2015-6864
GLSA-201509-02
USN-2591-1
http://curl.haxx.se/docs/adv_20150422D.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://support.apple.com/kb/HT205031
openSUSE-SU-2015:0799

CPE    17
cpe:/a:haxx:curl:7.41.0
cpe:/a:haxx:curl:7.40.0
cpe:/a:haxx:libcurl:7.41.0
cpe:/a:haxx:libcurl:7.40.0
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:24344
oval:org.secpod.oval:def:26643
oval:org.secpod.oval:def:602055
oval:org.secpod.oval:def:108812
...

© SecPod Technologies