CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*

Information

Published : 2017-10-04 18:29

Updated : 2018-11-13 03:29


NVD link : CVE-2017-1000101

Mitre link : CVE-2017-1000101


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

haxx

  • curl