Showing 1 - 4 of 4

CVE-2015-3144

Status Candidate

Overview

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "https://:80" and ":80."

Related Files

Slackware Security Advisory - curl Updates: Posted Oct 30, 2015; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237; SHA-256 | 6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffb; Download | Favorite | View

Gentoo Linux Security Advisory 201509-02: Posted Sep 25, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201509-2 - Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. Versions less than 7.43.0 are affected.; tags | advisory, remote, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237; SHA-256 | f5b5b9e3238bd4c9cdd7e927d7530352831a5a3d3d388eaff85cf3fbcee5d92e; Download | Favorite | View

Ubuntu Security Notice USN-2591-1: Posted Apr 30, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.; tags | advisory, web, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153; SHA-256 | 58aa927ae5cde26c640c5b1fad0d3a84b7a2049bd1bb1094b604b1a5687488f4; Download | Favorite | View

Debian Security Advisory 3232-1: Posted Apr 22, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148; SHA-256 | 6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2015-3144

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems