Lucene search
F5F5:K16708HistoryMay 29, 2015 - 12:00 a.m.
K16708 : cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-2900:00:00
my.f5.com
14
Security Advisory Description
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by “<http://:80>” and “:80.”
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Impact
None. F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip gtm | eq | 10.1.0 | |
| big-ip gtm | eq | 10.2.0 | |
| big-ip gtm | eq | 10.2.1 | |
| big-ip gtm | eq | 10.2.2 | |
| big-ip gtm | eq | 10.2.3 | |
| big-ip gtm | eq | 10.2.4 | |
| big-ip gtm | eq | 11.0.0 | |
| big-ip gtm | eq | 11.1.0 | |
| big-ip gtm | eq | 11.2.0 | |
| big-ip gtm | eq | 11.2.1 |
Related
f5
f5
SOL16708 - cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
2015-05-29 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-514)
2015-09-08 00:00:00
Fedora Update for curl FEDORA-2015-6695
2015-07-07 00:00:00
Debian Security Advisory DSA 3232-1 (curl - security update)
2015-04-22 00:00:00
kaspersky
kaspersky
KLA10566 Multiple vulnerabilities in cURL
2015-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.42.0-alt1
2015-04-22 00:00:00
nessus
nessus
Amazon Linux AMI : curl (ALAS-2015-514)
2015-04-27 00:00:00
Debian DSA-3232-1 : curl - security update
2015-04-23 00:00:00
Fedora 22 : curl-7.40.0-3.fc22 (2015-6695)
2015-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22
2015-04-26 12:43:00
[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21
2015-05-02 18:11:42
[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21
2015-05-04 15:28:35
osv
osv
curl - security update
2015-04-22 00:00:00
amazon
amazon
Medium: curl
2015-04-22 16:14:00
debian
debian
[SECURITY] [DSA 3232-1] curl security update
2015-04-22 12:08:24
securityvulns
securityvulns
[USN-2591-1] curl vulnerabilities
2015-05-05 00:00:00
cURL security vulnerabilitiies
2015-11-01 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2015-04-30 00:00:00
debiancve
debiancve
CVE-2015-3145
2015-04-24 14:59:10
CVE-2015-3144
2015-04-24 14:59:09
checkpoint_advisories
checkpoint_advisories
cURL and libcurl Cookie Path Parsing Remote Code Execution (CVE-2015-3145)
2015-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-3145
2015-04-22 00:00:00
CVE-2015-3144
2015-04-22 00:00:00
nvd
nvd
CVE-2015-3144
2015-04-24 14:59:09
CVE-2015-3145
2015-04-24 14:59:10
cvelist
cvelist
CVE-2015-3144
2015-04-24 14:00:00
CVE-2015-3145
2015-04-24 14:00:00
cve
cve
CVE-2015-3144
2015-04-24 14:59:09
CVE-2015-3145
2015-04-24 14:59:10
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
prion
prion
Out-of-bounds
2015-04-24 14:59:00
Out-of-bounds
2015-04-24 14:59:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27
mageia
mageia
Updated curl packages fix security vulnerabilities
2015-05-03 03:19:16
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00