CVE-2015-3144

General

Score: 9.0/10.0
Severity: High
Category: Buffer Error
Exploit: Available

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Single

Related vulnerabilities

CVE-2014-0015, CVE-2015-3143, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153

Published on 24/04/15 - Updated on 22/12/16

Description

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80".

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2015-3144
Amazon Linux ALAS-2015-514
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-355, CERTFR-2015-AVI-438, CERTFR-2016-AVI-128
Arch Linux ASA-201504-28
SUSE SUSE-SU-2015:0990
Ubuntu USN-2591-1

Exploits

SecurityFocus BID-74300

Related technologies

Vendor: Product
canonical: ubuntu_linux
debian: debian_linux
haxx: curl
haxx: libcurl
oracle: mysql_enterprise_monitor