CVE-2017-1000101
Published: 4 October 2017
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Notes
| Author | Note |
|---|---|
| sbeattie | only affects curl command line tool, not libcurl introduced in 7.34.0 |
Priority
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
curl Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Released
(7.35.0-1ubuntu2.11)
|
|
| upstream |
Released
(7.55.0)
|
|
| xenial |
Released
(7.47.0-1ubuntu2.3)
|
|
| zesty |
Released
(7.52.1-4ubuntu1.2)
|
|
|
Patches: upstream: https://curl.haxx.se/CVE-2017-1000101.patch upstream: https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7 |
||