Apr 24, 2015 - 2:59 p.m.

CVE-2015-3144

2015-04-24 14:59:09
CWE-119
redhat
web.nvd.nist.gov
Tags: cve-2015-3144, curl, libcurl, fix_hostname, denial of service, out-of-bounds, nvd

CVSS2: 9
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score: 9.3
Confidence: High

EPSS: 0.066
Percentile: 93.9%

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80".

Affected configurations

Nvd

Node (any of):
- oracle mysql_enterprise_monitor, Range 2.3.20
- oracle mysql_enterprise_monitor, Range 3.0.22

Node (any of):
- haxx curl, Match 7.37.0
- haxx curl, Match 7.37.1
- haxx curl, Match 7.38.0
- haxx curl, Match 7.39.0
- haxx curl, Match 7.40.0
- haxx curl, Match 7.41.0

Node (any of):
- haxx libcurl, Match 7.37.0
- haxx libcurl, Match 7.37.1
- haxx libcurl, Match 7.38.0
- haxx libcurl, Match 7.39
- haxx libcurl, Match 7.40.0
- haxx libcurl, Match 7.41.0

Node (any of):
- canonical ubuntu_linux, Match 12.04 lts
- canonical ubuntu_linux, Match 14.04 lts
- canonical ubuntu_linux, Match 14.10
- canonical ubuntu_linux, Match 15.04
- debian debian_linux, Match 7.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | mysql_enterprise_monitor | * | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| haxx | curl | 7.37.0 | cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:* |
| haxx | curl | 7.37.1 | cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:* |
| haxx | curl | 7.38.0 | cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:* |
| haxx | curl | 7.39.0 | cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:* |
| haxx | curl | 7.40.0 | cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:* |
| haxx | curl | 7.41.0 | cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:* |
| haxx | libcurl | 7.37.0 | cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:* |
| haxx | libcurl | 7.37.1 | cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:* |
| haxx | libcurl | 7.38.0 | cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:* |
