PT-2015-6075 · Curl+4 · Libcurl+5

Hanno Böck

Published

2015-04-22

Updated

2024-06-15

CVE-2015-3144

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cURL and libcurl versions 7.37.0 through 7.41.0

Description The issue arises from the fix hostname() function, which fails to properly handle a zero-length host name in a URL, such as "http://:80" or ":80". This can lead to an out-of-bounds read or write and cause a denial of service (crash). The function incorrectly indexes the hostname pointer with a -1 offset when encountering a zero-length hostname, potentially resulting in a crash or other unspecified impacts.

Recommendations For cURL and libcurl versions 7.37.0 through 7.41.0, consider avoiding the use of URLs with zero-length hostnames until a patch is available. As a temporary workaround, restrict the input to the fix hostname() function to prevent zero-length hostnames from being processed.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-124CWE-119

Related Identifiers

ALT-PU-2015-1396

CVE-2015-3144

DSA-3232-1

OPENSUSE-SU-2024:10303-1

SUSE-SU-2015:0990-1

USN-2591-1

Affected Products

Alt Linux

Junos

Suse

Ubuntu

Curl

Libcurl

PT-2015-6075 · Curl+4 · Libcurl+5

CVE-2015-3144

Weakness Enumeration

Related Identifiers

Affected Products

References · 72