CVE-2017-1000100 — Sensitive Information Exposure in Libcurl
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 23.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 5
Latest updateMay 14
Description
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-86r8-52rx-6jcr: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncat↗2022-05-14
OSV▶
CVE-2017-1000100: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncat↗2017-10-05
CVEList▶
CVE-2017-1000100: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncat↗2017-10-04
📋Vendor Advisories
5💬Community
4Bugzilla
▶
Bugzilla▶
CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 mingw-curl: various flaws [fedora-all]↗2017-08-09