CVE-2017-8817: The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or…

CVE-2017-8817 [CRITICAL] cURL/libcURL up to 7.56.x FTP Wildcard out-of-bounds (RHSA-2018:3558 / Nessus ID 104861) A vulnerability classified as critical has been found in cURL and libcURL up to 7.56.x. This impacts an unknown function of the component FTP Wildcard Handler. This manipulation with the input [ causes out-of-bounds read. This vulnerability appears as CVE-2017-8817. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

CVE-2017-8817 [CRITICAL] Apple macOS up to 10.13.3 curl out-of-bounds (HT208465 / Nessus ID 104861) A vulnerability classified as critical was found in Apple macOS up to 10.13.3. Affected by this vulnerability is an unknown functionality of the component curl. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2017-8817. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.

CVE-2017-8817 [CRITICAL] CWE-125 GHSA-9hfv-gh9c-vcfv: The FTP wildcard function in curl and libcurl before 7 The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

CVE-2017-8816 [CRITICAL] curl vulnerabilities curl vulnerabilities Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817)

CVE-2017-8817 [CRITICAL] CVE-2017-8817: The FTP wildcard function in curl and libcurl before 7 The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

CVE-2017-8817 [CRITICAL] CVE-2017-8817: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Security Update: About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Product: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan CVE: CVE-2017-8817 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-8817 [CRITICAL] curl vulnerability Title: curl vulnerability Summary: curl could be made to crash if it received specially crafted input. USN-3498-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2017-8817 [CRITICAL] CWE-125 curl: FTP wildcard out of bounds read curl: FTP wildcard out of bounds read The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Out of support scope Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Will not fix Package: curl (Red Hat Enterprise Linux 5) - Not affected Package: curl (Red Hat Enterprise Linux 6) - Not affected Package: curl (Red Hat

CVE-2017-8816 [CRITICAL] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2017-8817 [CRITICAL] CVE-2017-8817: curl - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attack... The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. Scope: local bookworm: resolved (fixed in 7.57.0-1) bullseye: resolved (fixed in 7.57.0-1) forky: resolved (fixed in 7.57.0-1) sid: resolved (fixed in 7.57.0-1) trixie: resolved (fixed in 7.57.0-1)

CVE-2017-8816 [CRITICAL] CVE-2017-8816 CVE-2017-8817 curl: various flaws [fedora-all] CVE-2017-8816 CVE-2017-8817 curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While

CVE-2017-8816 [CRITICAL] CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [epel-7] CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. Discussion: Use the following template to for the 'fedpkg update' requ

CVE-2017-8816 [CRITICAL] CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [fedora-all] CVE-2017-8816 CVE-2017-8817 mingw-curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora.

CVE-2017-8817 [CRITICAL] CVE-2017-8817 curl: FTP wildcard out of bounds read CVE-2017-8817 curl: FTP wildcard out of bounds read libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can use a built-in wildcard function or a user provided one. The built-in wildcard function has a flaw that makes it not detect the end of the pattern string if it ends with an open bracket (`[`) but instead it will continue reading the heap beyond the end of the URL buffer that holds the wildcard. For applications that use HTTP(S) URLs, allow libcurl to handle redirects and have FTP wildcards enabled, this flaw can be triggered by malicious servers that can redirect clients to a URL using such a wildcard pattern. - Affected versions: libcurl 7.21.0 to and including