Lucene search

[email protected]CVE-2015-3145

HistoryApr 24, 2015 - 2:59 p.m.

CVE-2015-3145

2015-04-2414:59:10

CWE-119

[email protected]

web.nvd.nist.gov

curl

libcurl

cve-2015-3145

security

dos

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.881 High

EPSS

Percentile

98.7%

JSON

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch7.0

Node

haxxcurlMatch7.31.0

haxxcurlMatch7.32.0

haxxcurlMatch7.33.0

haxxcurlMatch7.34.0

haxxcurlMatch7.35.0

haxxcurlMatch7.36.0

haxxcurlMatch7.37.0

haxxcurlMatch7.37.1

haxxcurlMatch7.38.0

haxxcurlMatch7.39.0

haxxcurlMatch7.40.0

haxxcurlMatch7.41.0

Node

applemac_os_xMatch10.10.0

applemac_os_xMatch10.10.1

applemac_os_xMatch10.10.2

applemac_os_xMatch10.10.3

applemac_os_xMatch10.10.4

Node

oraclesolarisMatch11.3

Node

haxxlibcurlMatch7.30.0

haxxlibcurlMatch7.31.0

haxxlibcurlMatch7.32.0

haxxlibcurlMatch7.33.0

haxxlibcurlMatch7.34.0

haxxlibcurlMatch7.35.0

haxxlibcurlMatch7.36.0

haxxlibcurlMatch7.37.0

haxxlibcurlMatch7.37.1

haxxlibcurlMatch7.38.0

haxxlibcurlMatch7.39

haxxlibcurlMatch7.40.0

haxxlibcurlMatch7.41.0

Node

hpsystem_management_homepageRange≤7.5.3.1

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq21
fedoraproject:fedorafedoraproject fedoraeq22

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	21
fedoraproject:fedora	fedoraproject fedora	eq	22

References

advisories.mageia.org/MGASA-2015-0179.html

curl.haxx.se/docs/adv_20150422C.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

lists.opensuse.org/opensuse-updates/2015-04/msg00057.html

www.debian.org/security/2015/dsa-3232

www.mandriva.com/security/advisories?name=MDVSA-2015:219

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.securityfocus.com/bid/74303

www.securitytracker.com/id/1032232

www.ubuntu.com/usn/USN-2591-1

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

security.gentoo.org/glsa/201509-02

support.apple.com/kb/HT205031

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.881 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2015-3145

checkpoint_advisories1 ubuntucve1 debiancve1 prion1 cvelist1 nvd1 f52 ibm3 openvas15 mageia1 nessus19 fedora5 kaspersky1 altlinux1 debian1 amazon1 osv1 ubuntu1 securityvulns4 archlinux1 gentoo1 slackware1 oracle1