Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3144

Опубликовано: 22 апр. 2015
Источник: redhat
CVSS2: 2.6
EPSS Низкий

Описание

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

It was discovered that libcurl did not properly process zero-length host names. If an attacker could trick an application using libcurl into processing zero-length host names, this could lead to an out-of-bounds read, and possibly cause that application to crash.

Отчет

Not vulnerable. This issue does not affect the version of curl as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.2curlNot affected
Red Hat Enterprise Linux 5curlNot affected
Red Hat Enterprise Linux 6curlNot affected
Red Hat Enterprise Linux 7curlNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125->CWE-129->CWE-131->CWE-193
https://bugzilla.redhat.com/show_bug.cgi?id=1213335curl: host name out of boundary memory access

EPSS

Процентиль: 77%
0.01008
Низкий

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3144

ubuntu
почти 11 лет назад

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

nvd логотип

CVE-2015-3144

nvd
почти 11 лет назад

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

debian логотип

CVE-2015-3144

debian
почти 11 лет назад

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 do ...

github логотип

GHSA-w3rm-phr3-x8q8

github
больше 3 лет назад

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

suse-cvrf логотип

SUSE-SU-2015:0990-1

suse-cvrf
почти 11 лет назад

Security update for curl

EPSS

Процентиль: 77%
0.01008
Низкий

2.6 Low

CVSS2