Lucene search
GoogleOSV:CVE-2017-1000101HistoryOct 05, 2017 - 1:29 a.m.
CVE-2017-1000101
2017-10-0501:29:04
Google
osv.dev
5
0.003 Low
EPSS
Percentile
71.1%
curl supports “globbing” of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.
| CPE | Name | Operator | Version |
|---|---|---|---|
| curl | eq | 7.28.0-r0 | |
| curl | eq | 7.21.1-r0 | |
| curl | eq | curl-7_19_6 | |
| curl | eq | before_urldata_rename | |
| curl | eq | 7.47.0-r0 | |
| curl | eq | 7.49.1-r2 | |
| curl | eq | curl-7_9_7 | |
| curl | eq | 7.28.1-r0 | |
| curl | eq | curl-7_16_0 | |
| curl | eq | 7.31.0-r0 |
Related
prion
prion
Heap overflow
2017-10-05 01:29:00
nvd
nvd
CVE-2017-1000101
2017-10-05 01:29:04
alpinelinux
alpinelinux
CVE-2017-1000101
2017-10-05 01:29:04
cve
cve
CVE-2017-1000101
2017-10-05 01:29:04
ubuntucve
ubuntucve
CVE-2017-1000101
2017-10-04 00:00:00
redhatcve
redhatcve
CVE-2017-1000101
2017-08-09 06:49:45
veracode
veracode
Out Of Bounds (OOB) Read Through URL Globbing
2018-05-31 03:37:33
hackerone
hackerone
Internet Bug Bounty: CVE-2017-1000101: cURL: URL globbing out of bounds read
2017-08-01 18:13:51
cvelist
cvelist
CVE-2017-1000101
2017-10-04 01:00:00
debiancve
debiancve
CVE-2017-1000101
2017-10-05 01:29:04
fedora
fedora
[SECURITY] Fedora 26 Update: curl-7.53.1-10.fc26
2017-08-13 20:56:17
[SECURITY] Fedora 25 Update: curl-7.51.0-9.fc25
2017-08-14 00:56:15
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:2174-1)
2021-04-19 00:00:00
Fedora Update for curl FEDORA-2017-f1ffd18079
2017-08-14 00:00:00
Fedora Update for curl FEDORA-2017-f2df9d7772
2017-08-14 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1)
2017-08-17 00:00:00
openSUSE Security Update : curl (openSUSE-2017-951)
2017-08-18 00:00:00
Debian DSA-3992-1 : curl - security update
2017-10-09 00:00:00
debian
debian
[SECURITY] [DSA 3992-1] curl security update
2017-10-06 20:43:43
[SECURITY] [DSA 3992-1] curl security update
2017-10-06 20:43:43
slackware
slackware
[slackware-security] curl
2017-08-09 20:47:02
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.55.0-alt1
2017-08-09 00:00:00
archlinux
archlinux
[ASA-201708-16] curl: information disclosure
2017-08-22 00:00:00
osv
osv
curl - security update
2017-10-06 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2017-08-19 12:58:33
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
amazon
amazon
Medium: curl
2017-08-31 17:19:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2017-08-09 00:00:00
cloudfoundry
cloudfoundry
USN-3441-1: curl vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2017-10-10 00:00:00
curl vulnerabilities
2017-10-23 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-09-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0082
2017-11-08 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2017-0045
2017-11-17 00:00:00
Critical Photon OS Security Update - PHSA-2017-0002
2017-11-17 00:00:00
suse
suse
Security update for CaaS Platform 1.0 images (important)
2017-09-14 21:11:54
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
redhat
redhat
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
