Lucene search
AmazonALAS-2017-889HistoryAug 31, 2017 - 5:19 p.m.
Medium: curl
2017-08-3117:19:00
alas.aws.amazon.com
18
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
73.2%
Issue Overview:
FILE buffer read out of bounds (CVE-2017-1000099)
TFTP sends more than buffer size (CVE-2017-1000100)
URL globbing out of bounds read (CVE-2017-1000101)
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
New Packages:
i686:
curl-7.51.0-9.75.amzn1.i686
curl-debuginfo-7.51.0-9.75.amzn1.i686
libcurl-devel-7.51.0-9.75.amzn1.i686
libcurl-7.51.0-9.75.amzn1.i686
src:
curl-7.51.0-9.75.amzn1.src
x86_64:
libcurl-devel-7.51.0-9.75.amzn1.x86_64
curl-7.51.0-9.75.amzn1.x86_64
curl-debuginfo-7.51.0-9.75.amzn1.x86_64
libcurl-7.51.0-9.75.amzn1.x86_64
Additional References
Red Hat: CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | curl | < 7.51.0-9.75.amzn1 | curl-7.51.0-9.75.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | curl-debuginfo | < 7.51.0-9.75.amzn1 | curl-debuginfo-7.51.0-9.75.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl-devel | < 7.51.0-9.75.amzn1 | libcurl-devel-7.51.0-9.75.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl | < 7.51.0-9.75.amzn1 | libcurl-7.51.0-9.75.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | libcurl-devel | < 7.51.0-9.75.amzn1 | libcurl-devel-7.51.0-9.75.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | curl | < 7.51.0-9.75.amzn1 | curl-7.51.0-9.75.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | curl-debuginfo | < 7.51.0-9.75.amzn1 | curl-debuginfo-7.51.0-9.75.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libcurl | < 7.51.0-9.75.amzn1 | libcurl-7.51.0-9.75.amzn1.x86_64.rpm |
Related
slackware
slackware
[slackware-security] curl
2017-08-09 20:47:02
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01)
2017-08-11 00:00:00
FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)
2017-08-10 00:00:00
Amazon Linux AMI : curl (ALAS-2017-889)
2017-09-01 00:00:00
archlinux
archlinux
[ASA-201708-16] curl: information disclosure
2017-08-22 00:00:00
[ASA-201710-4] lib32-libcurl-gnutls: multiple issues
2017-10-05 00:00:00
[ASA-201710-7] libcurl-compat: multiple issues
2017-10-05 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2017-08-19 12:58:33
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.55.0-alt1
2017-08-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0281)
2022-01-28 00:00:00
Slackware: Security Advisory (SSA:2017-221-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2174-1)
2021-04-19 00:00:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2017-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: curl-7.53.1-10.fc26
2017-08-13 20:56:17
[SECURITY] Fedora 25 Update: curl-7.51.0-9.fc25
2017-08-14 00:56:15
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-09-17 00:00:00
debian
debian
[SECURITY] [DSA 3992-1] curl security update
2017-10-06 20:43:43
[SECURITY] [DSA 3992-1] curl security update
2017-10-06 20:43:43
[SECURITY] [DLA 1062-1] curl security update
2017-08-20 16:48:29
osv
osv
curl - security update
2017-10-06 00:00:00
CVE-2017-1000099
2017-10-05 01:29:04
CVE-2017-1000100
2017-10-05 01:29:04
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2017-0045
2017-11-17 00:00:00
Critical Photon OS Security Update - PHSA-2017-0002
2017-11-17 00:00:00
Critical Photon OS Security Update - PHSA-2017-0082
2017-11-08 00:00:00
alpinelinux
alpinelinux
CVE-2017-1000099
2017-10-05 01:29:04
CVE-2017-1000101
2017-10-05 01:29:04
CVE-2017-1000100
2017-10-05 01:29:04
debiancve
debiancve
CVE-2017-1000099
2017-10-05 01:29:04
CVE-2017-1000101
2017-10-05 01:29:04
CVE-2017-1000100
2017-10-05 01:29:04
redhatcve
redhatcve
CVE-2017-1000099
2017-08-09 06:50:00
CVE-2017-1000101
2017-08-09 06:49:45
CVE-2017-1000100
2017-08-09 06:49:28
cve
cve
CVE-2017-1000099
2017-10-05 01:29:04
CVE-2017-1000101
2017-10-05 01:29:04
CVE-2017-1000100
2017-10-05 01:29:04
cvelist
cvelist
CVE-2017-1000099
2017-10-04 01:00:00
CVE-2017-1000101
2017-10-04 01:00:00
CVE-2017-1000100
2017-10-04 01:00:00
veracode
veracode
Information Disclosure
2020-05-10 23:24:44
Out Of Bounds (OOB) Read Through URL Globbing
2018-05-31 03:37:33
Information Disclosure
2018-06-13 08:11:02
nvd
nvd
CVE-2017-1000099
2017-10-05 01:29:04
CVE-2017-1000101
2017-10-05 01:29:04
CVE-2017-1000100
2017-10-05 01:29:04
ubuntucve
ubuntucve
CVE-2017-1000099
2017-10-05 00:00:00
CVE-2017-1000101
2017-10-04 00:00:00
CVE-2017-1000100
2017-10-04 00:00:00
prion
prion
cloudfoundry
cloudfoundry
USN-3441-1: curl vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2017-10-10 00:00:00
curl vulnerabilities
2017-10-23 00:00:00
hackerone
hackerone
Internet Bug Bounty: CVE-2017-1000101: cURL: URL globbing out of bounds read
2017-08-01 18:13:51
ibm
ibm
suse
suse
Security update for CaaS Platform 1.0 images (important)
2017-09-14 21:11:54
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
redhat
redhat
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
androidsecurity
androidsecurity
Pixel / Nexus Security Bulletin—August 2018
2018-08-06 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
73.2%
Related for ALAS-2017-889