cURL and libcurl Denial of Service Vulnerabilities (CNVD-2015-02754)

CURL is a set of file transfer tools that utilize URL syntax to work at the command line.Libcurl is a free, open source client-side URL transfer library. A security vulnerability exists in the 'fixhostname' function in cURL and libcurl versions 7.37.0 through 7.41.0, which stems from the program'...

DEBIAN-CVE-2015-3144

The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a zero-length host name, as demonstrated by...

hostname out of boundary memory access

There is a private function in libcurl called fixhostname that removes a trailing dot from the hostname if there is one. The function is called after the hostname has been extracted from the URL libcurl has been told to act on. If a URL is given with a zero-length hostname, like in "http://:80" o...

UBUNTU-CVE-2015-3144

The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a zero-length host name, as demonstrated by...