CVE-2015-3145
Published: 22 April 2015
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
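The index error described above, as an added example that is not libcurl's source or the upstream patch: a hypothetical `strip_path_quotes` helper, assumed to remove one leading and one trailing double quote, with the length check that keeps the trailing-quote test in bounds when the path is a lone `"`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libcurl source): returns a heap copy of
   cookie_path with one leading and one trailing '"' removed. */
char *strip_path_quotes(const char *cookie_path)
{
  size_t len = strlen(cookie_path);
  char *new_path = malloc(len + 1);
  if(!new_path)
    return NULL;
  memcpy(new_path, cookie_path, len + 1);

  /* Drop a leading quote; moving len bytes carries the terminator along. */
  if(new_path[0] == '"') {
    memmove(new_path, new_path + 1, len);
    len--;
  }

  /* For the input "\"" len is now 0. Without the len check, len - 1 wraps
     (size_t) and new_path[len - 1] touches the byte before the buffer. */
  if(len && new_path[len - 1] == '"')
    new_path[len - 1] = '\0';

  return new_path;
}

/* Returns 1 when stripping `in` yields `expected`, 0 otherwise. */
int strips_to(const char *in, const char *expected)
{
  char *out = strip_path_quotes(in);
  int ok = out && strcmp(out, expected) == 0;
  free(out);
  return ok;
}

int main(void)
{
  /* Constructed inputs; the second is the lone-quote path from the advisory. */
  const char *samples[] = { "\"/account\"", "\"", "\"\"", "/plain", "" };
  for(size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    char *out = strip_path_quotes(samples[i]);
    printf("[%s] -> [%s]\n", samples[i], out ? out : "(null)");
    free(out);
  }
  return 0;
}
```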
Notes
Author | Note |
---|---|
mdeslaur | 7.31.0+ |
Priority
Status
Package | Release | Status |
---|---|---|
curl | upstream | Released (7.42.0) |
curl | lucid | Not vulnerable (7.19.7-1ubuntu1.11) |
curl | precise | Not vulnerable (7.22.0-3ubuntu4.12) |
curl | trusty | Released (7.35.0-1ubuntu2.5) |
curl | utopic | Released (7.37.1-1ubuntu3.4) |
curl | vivid | Released (7.38.0-3ubuntu2.2) |

Patches: upstream: http://curl.haxx.se/CVE-2015-3145.patch