CVE-2017-1000101

Source
https://cve.org/CVERecord?id=CVE-2017-1000101
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000101.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000101
Published
2017-10-05T01:29:04.103Z
Modified
2026-03-15T22:13:14.898179Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.35.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.36.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.37.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.37.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.38.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.39.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.40.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.41.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.42.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.42.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.43.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.44.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.45.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.46.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.47.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.47.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.48.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.49.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.49.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.50.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.50.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.50.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.50.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.51.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.52.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.52.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.53.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.53.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.54.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.54.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.55.0"
        }
    ]
}

Affected versions

Other
curl-6_5
curl-6_5_1
curl-6_5_2
curl-7_1_1
curl-7_2
curl-7_3
curl-7_4_1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000101.json"