CVE-2015-3144 – Gentoo Linux Security Advisory 201509-02

https://notcve.org/view.php?id=CVE-2015-3144

22 Apr 2015 — The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." La función fix_hostname en cURL y libcurl 7.37.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera... • http://curl.haxx.se/docs/adv_20150422D.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •