Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3144HistoryApr 24, 2015 - 2:59 p.m.
CVE-2015-3144
2015-04-2414:59:00
Debian Security Bug Tracker
security-tracker.debian.org
13
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.065 Low
EPSS
Percentile
93.7%
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by “http://:80” and “:80.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 11 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 10 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 999 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 13 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
Related
prion
prion
Out-of-bounds
2015-04-24 14:59:00
ubuntucve
ubuntucve
CVE-2015-3144
2015-04-22 00:00:00
cve
cve
CVE-2015-3144
2015-04-24 14:59:00
f5
f5
SOL16708 - cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-29 00:00:00
K16708 : cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-29 00:00:00
nessus
nessus
MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities
2015-10-22 00:00:00
openSUSE Security Update : curl (openSUSE-2015-336)
2015-04-30 00:00:00
cURL / libcURL 7.x < 7.42.0 Multiple Vulnerabilities
2015-09-15 00:00:00
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22
debian
debian
[SECURITY] [DSA 3232-1] curl security update
2015-04-22 12:08:24
openvas
openvas
Debian: Security Advisory (DSA-3232-1)
2015-04-21 00:00:00
Debian Security Advisory DSA 3232-1 (curl - security update)
2015-04-22 00:00:00
Fedora Update for curl FEDORA-2015-6695
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22
2015-04-26 12:43:00
[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21
2015-05-02 18:11:42
[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21
2015-05-04 15:28:35
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.42.0-alt1
2015-04-22 00:00:00
kaspersky
kaspersky
KLA10566 Multiple vulnerabilities in cURL
2015-04-24 00:00:00
osv
osv
curl - security update
2015-04-22 00:00:00
amazon
amazon
Medium: curl
2015-04-22 16:14:00
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2015-04-30 00:00:00
securityvulns
securityvulns
[USN-2591-1] curl vulnerabilities
2015-05-05 00:00:00
cURL security vulnerabilitiies
2015-11-01 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.065 Low
EPSS
Percentile
93.7%
Related for DEBIANCVE:CVE-2015-3144