PT-2017-3342 · Curl+3 · Libcurl+3

Even Rouault

Published

2014-11-05

Updated

2026-05-18

CVE-2017-1000100

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions libcurl versions prior to the fixed version

Description The issue is related to a buffer overflow when using the TFTP protocol with libcurl. When a URL contains a very long file name (longer than about 515 bytes), the file name is truncated, but the buffer size is still updated to use the original length. This causes the sendto() function to read beyond the end of the heap-based buffer. A malicious HTTP(S) server could exploit this by redirecting a vulnerable libcurl-using client to a crafted TFTP URL, potentially allowing the server to receive private memory contents over UDP.

Recommendations For libcurl versions prior to the fixed version: Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT REDIR PROTOCOLS to prevent exploitation. As a temporary workaround, consider restricting the use of the TFTP protocol to minimize the risk of exploitation.

Fix

Buffer Over-read

Out of bounds Read

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-125CWE-200

Related Identifiers

ALT-PU-2014-2327

ALT-PU-2017-2036

ALT-PU-2018-2456

BDU:2018-00107

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2017-1000100

DLA-1062-1

DSA-3992-1

MGASA-2017-0281

MGASA-2018-0053

OPENSUSE-SU-2024:10582-1

RHSA-2018:3558

SUSE-SU-2017:2174-1

SUSE-SU-2017:2312-1

SUSE-SU-2017:2354-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

SUSE-SU-2017_2174-1

USN-3441-1

USN-3441-2

Affected Products

Alt Linux

Suse

Ubuntu

Libcurl

PT-2017-3342 · Curl+3 · Libcurl+3

CVE-2017-1000100

Weakness Enumeration

Related Identifiers

Affected Products

References · 366