CVE-2015-3145
Published 2015-04-24
Priority: P3 · 48 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 37.63% (98.4th percentile)
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.42.0-1 (bookworm) | curl 7.42.0-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by a malicious HTTP server sending a Set-Cookie header with a path element consisting solely of a double-quote character, causing an out-of-bounds write in sanitize_cookie_path.
- Monitor for specially crafted Set-Cookie response headers where the 'path' attribute value is a bare double-quote character ("), which triggers the vulnerable code path in libcurl 7.31.0–7.41.0.
- Affected versions are cURL/libcurl 7.31.0 through 7.41.0; presence of these versions processing untrusted cookies should be flagged.
- Red Hat Enterprise Linux 5, 6, and 7 ship a version of curl that is NOT affected by this vulnerability.
- On Ubuntu, this issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10, and Ubuntu 15.04; earlier/later releases are not impacted.
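One way to apply the two checks listed above (a lone double-quote as the Set-Cookie path value, and an upstream libcurl version in the 7.31.0–7.41.0 range), as an added example that is not code from curl or from this page's sources. The function names, sample headers and version banners are constructed for illustration.

```python
import re

# Affected upstream range as stated on this page: 7.31.0 through 7.41.0.
AFFECTED_MIN, AFFECTED_MAX = (7, 31, 0), (7, 41, 0)

def cookie_paths(header_line):
    """Return every path attribute value in one Set-Cookie header line."""
    name, sep, value = header_line.partition(":")
    if not sep or name.strip().lower() != "set-cookie":
        return []
    paths = []
    # Attributes follow the first ';'. This is a simple split: a ';' inside a
    # quoted cookie value would need a stricter parser.
    for attr in value.split(";")[1:]:
        key, eq, val = attr.partition("=")
        if eq and key.strip().lower() == "path":
            paths.append(val.strip())
    return paths

def is_trigger(header_line):
    """True when a path attribute is exactly one double-quote character."""
    return any(p == '"' for p in cookie_paths(header_line))

def flagged_headers(lines):
    """Filter a list of response header lines down to the suspicious ones."""
    return [line for line in lines if is_trigger(line)]

def is_affected(banner):
    """Check the libcurl/X.Y.Z token of a `curl --version` style banner."""
    # Upstream numbering only: a distribution package can carry a backported
    # fix under an in-range version, so a hit is a lead to verify.
    m = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", banner)
    return bool(m) and AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

# Constructed sample data, not taken from any real capture.
SAMPLE_HEADERS = [
    'Set-Cookie: sid=abc123; Path=/; HttpOnly',          # ordinary path
    'Set-Cookie: sid=abc123; path="/app"',               # quoted path, benign
    'Set-Cookie: sid=abc123; path="',                    # lone quote: flag
    'set-cookie: theme=dark; Domain=example.test; PATH = " ; Secure',  # flag
    'Set-Cookie: note="; path=/',                        # quote in value only
    'Content-Type: text/html',                           # not a cookie header
]
SAMPLE_BANNERS = ["curl 7.30.0 (x86_64-pc-linux-gnu) libcurl/7.30.0",
                  "curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0",
                  "curl 7.41.0 (x86_64-pc-linux-gnu) libcurl/7.41.0",
                  "curl 7.42.0 (x86_64-pc-linux-gnu) libcurl/7.42.0"]

if __name__ == "__main__":
    for line in flagged_headers(SAMPLE_HEADERS):
        print("suspicious Set-Cookie:", line)
    print([is_affected(b) for b in SAMPLE_BANNERS])
```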
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 5.0 MEDIUM
GHSA
ghsa_unreviewed·2022-05-14
CVE-2015-3145 [HIGH] CWE-119 GHSA-c7m9-x5vw-4grr: The sanitize_cookie_path function in cURL and libcurl 7
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
OSV
osv·2015-04-30·CVSS 5.0
CVE-2015-3143 [MEDIUM] curl vulnerabilities
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno Böck discovered that curl incorrectly handled zero-length host names.
If a user or automated system were tricked into using a specially crafted
host name, an attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-3144)
Hanno Böck discovered that curl incorrectly handled cookie path elements.
If a user or automated system were tricked into parsing a specially crafted
cookie, an attacker could possibly use this issue to cause curl to crash,
resulting in a denial of serv
OSV
osv·2015-04-24·CVSS 7.5
CVE-2015-3145 [HIGH] CVE-2015-3145: The sanitize_cookie_path function in cURL and libcurl 7
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Ubuntu
vendor_ubuntu·2015-04-30·CVSS 5.0
CVE-2015-3143 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno Böck discovered that curl incorrectly handled zero-length host names.
If a user or automated system were tricked into using a specially crafted
host name, an attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-3144)
Hanno Böck discovered that curl incorrectly handled cookie path elements.
If a user or automated system were tricked into parsing a specially crafted
cookie, an attacker could possibly use thi
Red Hat
vendor_redhat·2015-04-22·CVSS 7.5
CVE-2015-3145 [HIGH] CWE-125 curl: cookie parser out of boundary memory access
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
It was discovered that libcurl did not properly process cookies with a specially crafted "path" element. If an application using libcurl connected to a malicious HTTP server sending specially crafted "Set-Cookies" headers, this could lead to an out-of-bounds read, and possibly cause that application to crash.
Statement: Not vulnerable. This issue does not affect the version of curl as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Debian
vendor_debian·2015·CVSS 7.5
CVE-2015-3145 [HIGH] CVE-2015-3145: curl - The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does...
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Scope: local
bookworm: resolved (fixed in 7.42.0-1)
bullseye: resolved (fixed in 7.42.0-1)
forky: resolved (fixed in 7.42.0-1)
sid: resolved (fixed in 7.42.0-1)
trixie: resolved (fixed in 7.42.0-1)
Apple
vendor_apple·CVSS 7.5
CVE-2015-3145 [HIGH] CVE-2015-3145: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2015-3145
Component: CVE-2015-3145
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla·2015-04-23·CVSS 5.0
CVE-2015-3143 [MEDIUM] CVE-2015-3143 CVE-2015-3148 CVE-2015-3145 CVE-2015-3144 mingw-curl: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-curl: se
Bugzilla
bugzilla·2015-04-23·CVSS 5.0
CVE-2015-3143 [MEDIUM] CVE-2015-3143 CVE-2015-3148 CVE-2015-3145 CVE-2015-3144 mingw-curl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppo
Bugzilla
bugzilla·2015-04-22·CVSS 7.5
CVE-2015-3145 [HIGH] CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of F
Bugzilla
bugzilla·2015-04-20·CVSS 7.5
CVE-2015-3145 [HIGH] CVE-2015-3145 curl: cookie parser out of boundary memory access
libcurl supports HTTP "cookies" as documented in RFC 6265. Together with each
individual cookie there are several different properties, but for this
vulnerability we focus on the associated "path" element. It tells information
about for which path on a given host the cookie is valid.
The internal libcurl function called `sanitize_cookie_path()` that cleans up
the path element as given to it from a remote site or when read from a file,
did not properly validate the input. If given a path that consisted of a
single double-quote, libcurl would index a newly allocated memory area with
index -1 and assign a zero to it, thus destroying heap memory it wasn't
supposed to.
At best, this gets unnoticed but can also lead to a crash o
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l