PT-2017-10806 · Curl+3

Brian Carpenter +1 · Published 2017-08-09 · Updated 2026-05-18 · CVE-2017-1000101

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

curl (affected versions not specified)

Description

The issue arises from the "globbing" function in curl that parses numerical ranges in URLs. If a user provides a carefully crafted or malformed URL, curl may read a byte beyond the end of the URL. Because the URL is stored in a heap-based buffer, this can lead to incorrect behavior rather than a crash. An example of a URL that triggers this flaw is http://ur%20[0-60000000000000000000.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2036
ALT-PU-2017-2049
ALT-PU-2018-2456
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2017-1000101
DSA-3992-1
MGASA-2017-0281
MGASA-2018-0053
OPENSUSE-SU-2024:10582-1
RHSA-2018:3558
SUSE-SU-2017:2174-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-3441-1

Affected Products

Alt Linux
Suse
Ubuntu
Curl