CURL-CVE-2015-3237

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2015-3237.html

Import Source

https://curl.se/docs/CURL-CVE-2015-3237.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2015-3237

Aliases

CVE-2015-3237

Published

2015-06-17T08:00:00Z

Modified

2026-05-19T14:06:58.372301Z

Summary

SMB send off unrelated memory contents

Details

libcurl can get tricked by a malicious SMB server to send off data it did not intend to.

In libcurl's state machine function handling the SMB protocol (smb_request_state()), two length and offset values are extracted from data that has arrived over the network, and those values are subsequently used to figure out what data range to send back.

The values are used and trusted without boundary checks and are assumed to be valid. This allows carefully handcrafted packages to trick libcurl into responding and sending off data that was not intended. Or crash if the values cause libcurl to access invalid memory.

Database specific

{
    "severity": "High",
    "CWE": {
        "desc": "Buffer Over-read",
        "id": "CWE-126"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2015-3237.json",
    "affects": "both",
    "last_affected": "7.42.1",
    "www": "https://curl.se/docs/CVE-2015-3237.html"
}

References

Credits

- Daniel Stenberg - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.40.0

Fixed

7.43.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

e80d9d5902f38407d971587f2a6b7b839247ca92

Fixed

50c7f17e503fbab5081b69c97f9d4645389b9270

Affected versions

7.*

7.40.0

7.41.0

7.42.0

7.42.1

Other

curl-7_40_0

curl-7_41_0

curl-7_42_0

Database specific

vanir_signatures

[
    {
        "id": "CURL-CVE-2015-3237-adb1a990",
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/50c7f17e503fbab5081b69c97f9d4645389b9270",
        "signature_type": "Line",
        "target": {
            "file": "lib/smb.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "133709591701469678183633004515703879137",
                "275971352638128819471138387032967939445",
                "126077310330602836890399135254576876122",
                "174908122469919804202893443409697812314",
                "60081792177254282548318352902677282523",
                "278682513450920856603214751427433535182"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CURL-CVE-2015-3237-d07220c2",
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/50c7f17e503fbab5081b69c97f9d4645389b9270",
        "signature_type": "Function",
        "target": {
            "file": "lib/smb.c",
            "function": "smb_request_state"
        },
        "digest": {
            "function_hash": "143572682265013568568942217572854695151",
            "length": 3226.0
        },
        "deprecated": false
    }
]

vanir_signatures_modified

"2026-05-19T14:06:58Z"

source

"https://curl.se/docs/CURL-CVE-2015-3237.json"