CURL-CVE-2017-1000101

See a problem?

Source

https://curl.se/docs/CVE-2017-1000101.html

Import Source

https://curl.se/docs/CURL-CVE-2017-1000101.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2017-1000101

Aliases

CVE-2017-1000101

Published

2017-08-09T08:00:00Z

Modified

2024-07-02T09:22:24Z

Summary

URL globbing out of bounds read

Details

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers.

In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing.

An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.

References

Credits

- Brian Carpenter - FINDER
- Yongji Ouyang - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.34.0

Fixed

7.55.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

5ca96cb84410270e233c92bf1b2583cba40c3fad

Fixed

453e7a7a03a2cec749abd3878a48e728c515cca7

Affected versions

7.*

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1