CVE-2015-3237
published 2015-06-22CVE-2015-3237: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a…
medium6.4CVSS 3.1
AVNACLAuNCPINAP
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.43.0-1 (bookworm) | curl 7.43.0-1 (bookworm) |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | — | — |
| haxx | curl | >= 0 < 7.43.0-1 | 7.43.0-1 |
| haxx | curl | >= 0 < 7.43.0-1 | 7.43.0-1 |
| haxx | curl | >= 0 < 7.43.0-1 | 7.43.0-1 |
| haxx | curl | >= 0 < 7.43.0-1 | 7.43.0-1 |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| hp | system_management_homepage | <= 7.5.3.1 | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | glassfish_server | — | — |
| oracle | glassfish_server | — | — |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv6.4MEDIUM