Showing 1 - 4 of 4

CVE-2015-3144

Status Candidate

Overview

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

Related Files

Slackware Security Advisory - curl Updates: Posted Oct 30, 2015; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237; SHA-256 | 6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffb; Download | Favorite | View

Gentoo Linux Security Advisory 201509-02: Posted Sep 25, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201509-2 - Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. Versions less than 7.43.0 are affected.; tags | advisory, remote, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237; SHA-256 | f5b5b9e3238bd4c9cdd7e927d7530352831a5a3d3d388eaff85cf3fbcee5d92e; Download | Favorite | View

Ubuntu Security Notice USN-2591-1: Posted Apr 30, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.; tags | advisory, web, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153; SHA-256 | 58aa927ae5cde26c640c5b1fad0d3a84b7a2049bd1bb1094b604b1a5687488f4; Download | Favorite | View

Debian Security Advisory 3232-1: Posted Apr 22, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148; SHA-256 | 6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2015-3144

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems