9.4 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.901 High
EPSS
Percentile
98.6%
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by “<http://:80>” and “:80.”
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Impact
None. F5 products are not affected by this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip gtm | eq | 10.1.0 | |
big-ip gtm | eq | 10.2.0 | |
big-ip gtm | eq | 10.2.1 | |
big-ip gtm | eq | 10.2.2 | |
big-ip gtm | eq | 10.2.3 | |
big-ip gtm | eq | 10.2.4 | |
big-ip gtm | eq | 11.0.0 | |
big-ip gtm | eq | 11.1.0 | |
big-ip gtm | eq | 11.2.0 | |
big-ip gtm | eq | 11.2.1 |