Severity: 7.5 HIGH (NVD)
EPSS: 63.7% (top 1.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 24; latest update May 14

Description

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (7 packages)

NVD: haxx/libcurl (13 versions)
Debian: haxx/curl (< 7.42.0-1)
NVD: haxx/curl (12 versions)
NVD: apple/mac_os_x (5 versions)

Also affects: Debian Linux 7.0; Fedora 21, 22; Ubuntu Linux 12.04, 14.04, 14.10, 15.04

Vulnerability Details

GHSA: GHSA-c7m9-x5vw-4grr: The sanitize_cookie_path function in cURL and libcurl 7... (2022-05-14)
OSV: CVE-2015-3145: The sanitize_cookie_path function in cURL and libcurl 7... (2015-04-24)
CVEList: CVE-2015-3145: The sanitize_cookie_path function in cURL and libcurl 7... (2015-04-24)

Vendor Advisories

Ubuntu: curl vulnerabilities (2015-04-30)
Red Hat: curl: cookie parser out of boundary memory access (2015-04-22)
Debian: CVE-2015-3145: curl - The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does... (2015)
Apple: CVE-2015-3145: OS X Yosemite v10.10.5 and Security Update 2015-006

Community

Bugzilla: CVE-2015-3143 CVE-2015-3148 CVE-2015-3145 CVE-2015-3144 mingw-curl: various flaws [epel-7] (2015-04-23)
Bugzilla: CVE-2015-3143 CVE-2015-3148 CVE-2015-3145 CVE-2015-3144 mingw-curl: various flaws [fedora-all] (2015-04-23)
Bugzilla: CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all] (2015-04-22)
Bugzilla: CVE-2015-3145 curl: cookie parser out of boundary memory access (2015-04-20)