Lucene search
Ubuntu.comUB:CVE-2015-3237HistoryJun 17, 2015 - 12:00 a.m.
CVE-2015-3237
2015-06-1700:00:00
ubuntu.com
ubuntu.com
8
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.011 Low
EPSS
Percentile
84.4%
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1
allows remote SMB servers to obtain sensitive information from memory or
cause a denial of service (out-of-bounds read and crash) via crafted length
and offset values.
Notes
| Author | Note |
|---|---|
| mdeslaur | only affects 7.40.0+ |
Related
debiancve
debiancve
CVE-2015-3237
2015-06-22 19:59:00
prion
prion
Out-of-bounds
2015-06-22 19:59:00
ibm
ibm
cve
cve
CVE-2015-3237
2015-06-22 19:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: curl-7.40.0-5.fc22
2015-06-24 15:59:29
nessus
nessus
Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)
2016-07-20 00:00:00
Amazon Linux AMI : curl (ALAS-2015-551)
2015-06-22 00:00:00
openvas
openvas
Fedora Update for curl FEDORA-2015-10155
2015-07-07 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-551)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0263)
2015-10-15 00:00:00
kaspersky
kaspersky
KLA10618 Information disclosure vulnerability in cURL
2015-06-22 00:00:00
freebsd
freebsd
cURL -- Multiple Vulnerability
2015-06-17 00:00:00
archlinux
archlinux
curl: information leakage
2015-06-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.43.0-alt1
2015-06-19 00:00:00
mageia
mageia
Updated curl package fixes security vulnerability
2015-07-05 20:22:03
amazon
amazon
Medium: curl
2015-06-18 20:48:00
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00
securityvulns
securityvulns
cURL security vulnerabilitiies
2015-11-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - January 2017
2017-01-17 00:00:00
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.011 Low
EPSS
Percentile
84.4%
Related for UB:CVE-2015-3237