CVE-2017-8817: Out-of-bounds Read in Curl

CWE-125: Out-of-bounds Read (16 documents, 10 sources)
Severity: 9.8 CRITICAL (NVD)
EPSS: 1.0% (top 23.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 29
Latest update: Apr 16

Description

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: haxx/libcurl 7.56.1
Debian: haxx/curl < 7.57.0-1+3
NVD: haxx/curl 7.21.0 - 7.56.1

Also affects: Debian Linux 8.0, 9.0

🔴 Vulnerability Details (6)

VulDB: cURL/libcURL up to 7.56.x FTP Wildcard out-of-bounds (RHSA-2018:3558 / Nessus ID 104861) (2026-04-16)
VulDB: Apple macOS up to 10.13.3 curl out-of-bounds (HT208465 / Nessus ID 104861) (2026-04-16)
GHSA: GHSA-9hfv-gh9c-vcfv: The FTP wildcard function in curl and libcurl before 7 (2022-05-14)
OSV: CVE-2017-8817: The FTP wildcard function in curl and libcurl before 7 (2017-11-29)
CVEList: CVE-2017-8817: The FTP wildcard function in curl and libcurl before 7 (2017-11-29)

📋 Vendor Advisories (5)

Apple: CVE-2017-8817: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan (2018-01-23)
Ubuntu: curl vulnerability (2017-12-04)
Red Hat: curl: FTP wildcard out of bounds read (2017-11-29)
Ubuntu: curl vulnerabilities (2017-11-29)
Debian: CVE-2017-8817: curl - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attack... (2017)

💬 Community (4)

Bugzilla: CVE-2017-8816 CVE-2017-8817 curl: various flaws [fedora-all] (2017-11-29)
Bugzilla: CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [epel-7] (2017-11-29)
Bugzilla: CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [fedora-all] (2017-11-29)
Bugzilla: CVE-2017-8817 curl: FTP wildcard out of bounds read (2017-11-21)