Описание
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.38.0-3ubuntu3 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.3 |
| lucid | not-affected | |
| precise | not-affected | |
| trusty | not-affected | 7.35.0-1ubuntu2.3 |
| trusty/esm | not-affected | 7.35.0-1ubuntu2.3 |
| upstream | released | 7.42.0 |
| utopic | released | 7.37.1-1ubuntu3.4 |
| vivid | released | 7.38.0-3ubuntu2.2 |
| vivid/stable-phone-overlay | released | 7.38.0-3ubuntu2.2 |
Показывать по
EPSS
9 Critical
CVSS2
Связанные уязвимости
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 do ...
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
EPSS
9 Critical
CVSS2