CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P |
AI Score
Confidence: High
EPSS
Percentile: 84.7%
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Vendor | Product | Version | CPE |
---|---|---|---|
haxx | curl | 7.40.0 | cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:* |
haxx | curl | 7.41.0 | cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:* |
haxx | curl | 7.42.0 | cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:* |
haxx | curl | 7.42.1 | cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:* |
haxx | libcurl | 7.40.0 | cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:* |
haxx | libcurl | 7.41.0 | cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:* |
haxx | libcurl | 7.42.0 | cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:* |
haxx | libcurl | 7.42.1 | cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:* |
hp | system_management_homepage | * | cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* |
oracle | enterprise_manager_ops_center | 12.1.4 | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:* |
curl.haxx.se/docs/adv_20150617B.html
lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/75387
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1036371
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
security.gentoo.org/glsa/201509-02