CURL-CVE-2015-3237

See a problem?
Source
https://curl.se/docs/CVE-2015-3237.html
Import Source
https://curl.se/docs/CURL-CVE-2015-3237.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2015-3237
Aliases
Published
2015-06-17T08:00:00Z
Modified
2024-01-25T02:42:45.603687Z
Summary
SMB send off unrelated memory contents
Details

libcurl can get tricked by a malicious SMB server to send off data it did not intend to.

In libcurl's state machine function handling the SMB protocol (smb_request_state()), two length and offset values are extracted from data that has arrived over the network, and those values are subsequently used to figure out what data range to send back.

The values are used and trusted without boundary checks and are just assumed to be valid. This allows carefully handcrafted packages to trick libcurl into responding and sending off data that was not intended. Or just crash if the values cause libcurl to access invalid memory.

References
Credits
    • Daniel Stenberg - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.40.0
Fixed
7.43.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
e80d9d5902f38407d971587f2a6b7b839247ca92
Fixed
50c7f17e503fbab5081b69c97f9d4645389b9270

Affected versions

7.*

7.40.0
7.41.0
7.42.0
7.42.1