CVE

CVE-2015-3145
Date: (C)2015-04-24   (M)2024-04-19


The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032232
BID-74303
APPLE-SA-2015-08-13-2
DSA-3232
FEDORA-2015-6695
FEDORA-2015-6712
FEDORA-2015-6728
FEDORA-2015-6853
FEDORA-2015-6864
GLSA-201509-02
MDVSA-2015:219
USN-2591-1
http://advisories.mageia.org/MGASA-2015-0179.html
http://curl.haxx.se/docs/adv_20150422C.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://support.apple.com/kb/HT205031
openSUSE-SU-2015:0799

CPE    39
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
cpe:/a:haxx:curl:7.40.0
cpe:/a:haxx:libcurl:7.41.0
...
CWE    1
CWE-119
OVAL    9
oval:org.secpod.oval:def:25772
oval:org.secpod.oval:def:24344
oval:org.secpod.oval:def:26644
oval:org.secpod.oval:def:52148
...

© SecPod Technologies