Source: Ubuntu.com (UB:CVE-2015-3144)
History: Apr 22, 2015 - 12:00 a.m.

CVE-2015-3144


CVSS2: 9

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.066
Percentile: 93.9%

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does
not properly calculate an index, which allows remote attackers to cause a
denial of service (out-of-bounds read or write and crash) or possibly have
other unspecified impact via a zero-length host name, as demonstrated by
"http://:80" and ":80".
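The following added example (not curl's source and not part of the advisory) shows the class of bug described above, indexing the last character of a host name whose length is zero, together with the length guard that prevents it. The helper names `strip_trailing_dot` and `extract_host` are hypothetical, and the URL splitting is deliberately simplified (no IPv6 literals or userinfo).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not curl's source): strip one trailing dot from a
 * host name in place. Returns the resulting length.
 *
 * The unsafe pattern computes name[len - 1] without checking len. With a
 * zero-length name, len - 1 wraps to SIZE_MAX (size_t is unsigned), so the
 * access lands outside the buffer: the out-of-bounds read or write the
 * advisory describes. The guard below makes the empty case a no-op. */
size_t strip_trailing_dot(char *name)
{
    size_t len = strlen(name);
    if (len > 0 && name[len - 1] == '.') {
        name[len - 1] = '\0';
        len--;
    }
    return len;
}

/* Hypothetical helper: copy the host part of "[scheme://]host[:port]" into
 * out and normalise it. Returns 0 on success, -1 when the host is empty or
 * does not fit, so callers reject the input rather than index into "". */
int extract_host(const char *url, char *out, size_t outsz)
{
    const char *p = strstr(url, "://");
    const char *start = p ? p + 3 : url;
    size_t n = strcspn(start, ":/");

    if (n == 0 || n >= outsz)
        return -1;
    memcpy(out, start, n);
    out[n] = '\0';
    return strip_trailing_dot(out) > 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs; the first two are the strings from the advisory. */
    const char *samples[] = { "http://:80", ":80", "http://example.com.:80" };
    char host[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = extract_host(samples[i], host, sizeof host);
        printf("%-24s -> %s\n", samples[i], rc == 0 ? host : "(rejected)");
    }
    return 0;
}
```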

Notes

Author     Note
mdeslaur   7.37.0+

OS       Version   Architecture   Package   Version                  Filename
ubuntu   14.10     noarch         curl      < 7.37.1-1ubuntu3.4      UNKNOWN
ubuntu   15.04     noarch         curl      < 7.38.0-3ubuntu2.2      UNKNOWN
