Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

Published

2017-10-05T01:29:04.103

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	7.4.1	Yes
Application	haxx	curl	7.35.0	Yes
Application	haxx	curl	7.36.0	Yes
Application	haxx	curl	7.37.0	Yes
Application	haxx	curl	7.37.1	Yes
Application	haxx	curl	7.38.0	Yes
Application	haxx	curl	7.39.0	Yes
Application	haxx	curl	7.40.0	Yes
Application	haxx	curl	7.41.0	Yes
Application	haxx	curl	7.42.0	Yes
Application	haxx	curl	7.42.1	Yes
Application	haxx	curl	7.43.0	Yes
Application	haxx	curl	7.44.0	Yes
Application	haxx	curl	7.45.0	Yes
Application	haxx	curl	7.46.0	Yes
Application	haxx	curl	7.47.0	Yes
Application	haxx	curl	7.47.1	Yes
Application	haxx	curl	7.48.0	Yes
Application	haxx	curl	7.49.0	Yes
Application	haxx	curl	7.49.1	Yes
Application	haxx	curl	7.50.0	Yes
Application	haxx	curl	7.50.1	Yes
Application	haxx	curl	7.50.2	Yes
Application	haxx	curl	7.50.3	Yes
Application	haxx	curl	7.51.0	Yes
Application	haxx	curl	7.52.0	Yes
Application	haxx	curl	7.52.1	Yes
Application	haxx	curl	7.53.0	Yes
Application	haxx	curl	7.53.1	Yes
Application	haxx	curl	7.54.0	Yes
Application	haxx	curl	7.54.1	Yes
Application	haxx	curl	7.55.0	Yes

References

http://www.debian.org/security/2017/dsa-3992 ([email protected])
http://www.securityfocus.com/bid/100249 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039117 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:3558 ([email protected])
https://curl.haxx.se/docs/adv_20170809A.html Issue Tracking, Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/201709-14 Issue Tracking, Third Party Advisory ([email protected])
https://support.apple.com/HT208221 ([email protected])
http://www.debian.org/security/2017/dsa-3992 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/100249 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039117 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3558 (af854a3a-2127-422b-91ae-364da2661108)
https://curl.haxx.se/docs/adv_20170809A.html Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201709-14 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208221 (af854a3a-2127-422b-91ae-364da2661108)