PT-2017-10806 · Curl+3 · Curl+3

Brian Carpenter

Publicado

2017-08-09

Atualizado

2026-05-18

CVE-2017-1000101

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions curl (affected versions not specified)

Description The issue arises from the "globbing" function in curl that parses numerical ranges in URLs. If a user provides a carefully crafted or wrongly written URL, curl may read a byte beyond the end of the URL. This can lead to incorrect behavior instead of crashing, as the URL is stored in a heap-based buffer. An example of a URL that triggers this flaw is http://ur%20[0-60000000000000000000.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-126CWE-119

Identificadores relacionados

ALT-PU-2017-2036

ALT-PU-2017-2049

ALT-PU-2018-2456

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2017-1000101

DSA-3992-1

MGASA-2017-0281

MGASA-2018-0053

OPENSUSE-SU-2024:10582-1

RHSA-2018:3558

SUSE-SU-2017:2174-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3441-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Curl

PT-2017-10806 · Curl+3 · Curl+3

CVE-2017-1000101

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 357