Lucene search

RedhatCVE-2015-3237

HistoryJun 22, 2015 - 7:59 p.m.

CVE-2015-3237

2015-06-2219:59:04

CWE-20

redhat

web.nvd.nist.gov

curl

libcurl

cve-2015-3237

smb servers

remote exploitation

out-of-bounds read

denial of service

memory disclosure

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

8.1

Confidence

High

EPSS

0.011

Percentile

84.7%

JSON

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

Affected configurations

Nvd

Node

haxxcurlMatch7.40.0

haxxcurlMatch7.41.0

haxxcurlMatch7.42.0

haxxcurlMatch7.42.1

haxxlibcurlMatch7.40.0

haxxlibcurlMatch7.41.0

haxxlibcurlMatch7.42.0

haxxlibcurlMatch7.42.1

Node

hpsystem_management_homepageRange≤7.5.3.1

Node

oracleenterprise_manager_ops_centerMatch12.1.4

oracleenterprise_manager_ops_centerMatch12.2.2

oracleenterprise_manager_ops_centerMatch12.3.2

oracleglassfish_serverMatch3.0.1

oracleglassfish_serverMatch3.1.2

VendorProductVersionCPE
haxxcurl7.40.0cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
haxxcurl7.41.0cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
haxxcurl7.42.0cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
haxxcurl7.42.1cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
haxxlibcurl7.40.0cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
haxxlibcurl7.41.0cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
haxxlibcurl7.42.0cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
haxxlibcurl7.42.1cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
hpsystem_management_homepage*cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
oracleenterprise_manager_ops_center12.1.4cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haxx	curl	7.40.0	cpe:2.3:a:haxx:curl:7.40.0:::::::*
haxx	curl	7.41.0	cpe:2.3:a:haxx:curl:7.41.0:::::::*
haxx	curl	7.42.0	cpe:2.3:a:haxx:curl:7.42.0:::::::*
haxx	curl	7.42.1	cpe:2.3:a:haxx:curl:7.42.1:::::::*
haxx	libcurl	7.40.0	cpe:2.3:a:haxx:libcurl:7.40.0:::::::*
haxx	libcurl	7.41.0	cpe:2.3:a:haxx:libcurl:7.41.0:::::::*
haxx	libcurl	7.42.0	cpe:2.3:a:haxx:libcurl:7.42.0:::::::*
haxx	libcurl	7.42.1	cpe:2.3:a:haxx:libcurl:7.42.1:::::::*
hp	system_management_homepage	*	cpe:2.3:a:hp:system_management_homepage::::::::
oracle	enterprise_manager_ops_center	12.1.4	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:::::::*