CURL-CVE-2017-1000101

Source
https://curl.se/docs/CVE-2017-1000101.html
Import Source
https://curl.se/docs/CURL-CVE-2017-1000101.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2017-1000101
Aliases
Published
2017-08-09T08:00:00Z
Modified
2024-07-02T09:22:24Z
Summary
URL globbing out of bounds read
Details

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers.

In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing.

An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.

References
Credits
    • Brian Carpenter - FINDER
    • Yongji Ouyang - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.34.0
Fixed
7.55.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1