Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-3145
HistoryApr 22, 2015 - 12:00 a.m.

CVE-2015-3145

2015-04-2200:00:00
ubuntu.com
ubuntu.com
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.881

Percentile

98.7%

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0
does not properly calculate an index, which allows remote attackers to
cause a denial of service (out-of-bounds write and crash) or possibly have
other unspecified impact via a cookie path containing only a double-quote
character.

Notes

Author Note
mdeslaur 7.31.0+
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.5UNKNOWN
ubuntu14.10noarchcurl< 7.37.1-1ubuntu3.4UNKNOWN
ubuntu15.04noarchcurl< 7.38.0-3ubuntu2.2UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.881

Percentile

98.7%