CVE-2015-3144
published 2015-04-24
critical 9 (CVSS 3.1)
AV:N/AC:L/Au:S/C:C/I:C/A:C
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.42.0-1 (bookworm) | curl 7.42.0-1 (bookworm) |
| debian | debian_linux | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | >= 0 < 7.42.0-1 | 7.42.0-1 |
| haxx | curl | >= 0 < 7.42.0-1 | 7.42.0-1 |
| haxx | curl | >= 0 < 7.42.0-1 | 7.42.0-1 |
| haxx | curl | >= 0 < 7.42.0-1 | 7.42.0-1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.5 | 7.35.0-1ubuntu2.5 |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| oracle | mysql_enterprise_monitor | <= 2.3.20 | — |
CVSS provenance
nvd: 9.0 CRITICAL, AV:N/AC:L/Au:S/C:C/I:C/A:C
osv: 9.0 CRITICAL