Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3145HistoryApr 24, 2015 - 2:59 p.m.
CVE-2015-3145
2015-04-2414:59:00
Debian Security Bug Tracker
security-tracker.debian.org
11
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.881 High
EPSS
Percentile
98.6%
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 11 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 10 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 999 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
| Debian | 13 | all | curl | < 7.42.0-1 | curl_7.42.0-1_all.deb |
Related
checkpoint_advisories
checkpoint_advisories
cURL and libcurl Cookie Path Parsing Remote Code Execution (CVE-2015-3145)
2015-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-3145
2015-04-22 00:00:00
prion
prion
Out-of-bounds
2015-04-24 14:59:00
cve
cve
CVE-2015-3145
2015-04-24 14:59:00
f5
f5
K16708 : cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-29 00:00:00
SOL16708 - cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-29 00:00:00
nessus
nessus
Fedora 20 : curl-7.32.0-20.fc20 (2015-6712)
2015-04-29 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2015:219)
2015-05-05 00:00:00
Fedora 21 : curl-7.37.0-14.fc21 (2015-6728)
2015-05-04 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0179)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3232-1)
2015-04-21 00:00:00
Debian Security Advisory DSA 3232-1 (curl - security update)
2015-04-22 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2015-05-03 03:19:16
osv
osv
curl - security update
2015-04-22 00:00:00
amazon
amazon
Medium: curl
2015-04-22 16:14:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-curl-7.42.0-1.fc22
2015-05-01 16:51:59
[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22
2015-04-26 12:43:00
[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21
2015-05-02 18:11:42
debian
debian
[SECURITY] [DSA 3232-1] curl security update
2015-04-22 12:08:24
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.42.0-alt1
2015-04-22 00:00:00
kaspersky
kaspersky
KLA10566 Multiple vulnerabilities in cURL
2015-04-24 00:00:00
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2015-04-30 00:00:00
securityvulns
securityvulns
[USN-2591-1] curl vulnerabilities
2015-05-05 00:00:00
cURL security vulnerabilitiies
2015-11-01 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.881 High
EPSS
Percentile
98.6%
Related for DEBIANCVE:CVE-2015-3145