CURL-CVE-2015-3237

Source
https://curl.se/docs/CVE-2015-3237.html
Import Source
https://curl.se/docs/CURL-CVE-2015-3237.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2015-3237
Aliases
Published
2015-06-17T08:00:00Z
Modified
2024-01-25T02:42:45.603687Z
Summary
SMB send off unrelated memory contents
Details

A malicious SMB server can trick libcurl into sending off data it did not intend to send.

In libcurl's state machine function handling the SMB protocol (smb_request_state()), two length and offset values are extracted from data that has arrived over the network, and those values are subsequently used to figure out what data range to send back.

The values are used and trusted without boundary checks and are just assumed to be valid. This allows carefully handcrafted packets to trick libcurl into responding and sending off data that was not intended, or to crash it if the values cause libcurl to access invalid memory.
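
The missing boundary check, shown as an added example that is not libcurl's code: the 4-byte header layout, `select_reply_range()` and `read_le16()` are assumptions made up for illustration and do not reflect the real SMB wire format or `smb_request_state()`. The function accepts a peer-supplied offset and length only when the range lies inside the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header layout (NOT the real SMB wire format):
 *   bytes 0-1  data offset, little endian, from start of message
 *   bytes 2-3  data length, little endian */
#define HDR_SIZE 4u

static uint16_t read_le16(const unsigned char *p)
{
  return (uint16_t)(p[0] | (p[1] << 8));
}

/* Returns 0 and sets *data / *data_len when the peer-supplied range lies
 * inside the received message; returns -1 otherwise. */
int select_reply_range(const unsigned char *msg, size_t msg_len,
                       const unsigned char **data, size_t *data_len)
{
  size_t off, len;

  if(msg_len < HDR_SIZE)
    return -1;                      /* header itself is truncated */

  off = read_le16(msg);
  len = read_le16(msg + 2);

  /* The unchecked pattern would use msg + off and len directly here.
   * Reject anything outside the received data; the subtraction form
   * means off + len can never wrap around. */
  if(off < HDR_SIZE || off > msg_len || len > msg_len - off)
    return -1;

  *data = msg + off;
  *data_len = len;
  return 0;
}

int main(void)
{
  /* constructed samples: a valid range, then a length far past the end */
  const unsigned char ok[]  = { 4, 0, 3, 0, 'a', 'b', 'c' };
  const unsigned char bad[] = { 4, 0, 0x00, 0x40, 'a', 'b', 'c' };
  const unsigned char *d;
  size_t n;
  printf("ok:  %d\n", select_reply_range(ok, sizeof(ok), &d, &n));
  printf("bad: %d\n", select_reply_range(bad, sizeof(bad), &d, &n));
  return 0;
}
```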

Database specific
{
    "CWE": {
        "id": "CWE-126",
        "desc": "Buffer Over-read"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2015-3237.json",
    "severity": "High",
    "www": "https://curl.se/docs/CVE-2015-3237.html",
    "last_affected": "7.42.1"
}
References
Credits
    • Daniel Stenberg - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.40.0
Fixed
7.43.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.40.0
7.41.0
7.42.0
7.42.1