CVE-2015-3144
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
La función fix_hostname en cURL y libcurl 7.37.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera de rango y caída) o posiblemente tener otro impacto no especificado a través de un nombre de anfitrión de longitud cero, tal y como fue demostrado por 'http://:80' y ':80.'
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-10 CVE Reserved
- 2015-04-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/74300 | Vdb Entry | |
| http://www.securitytracker.com/id/1032232 | Vdb Entry | |
| https://support.apple.com/kb/HT205031 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | <= 2.3.20 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 2.3.20" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | <= 3.0.22 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 3.0.22" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.37.0 Search vendor "Haxx" for product "Curl" and version "7.37.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.37.1 Search vendor "Haxx" for product "Curl" and version "7.37.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.38.0 Search vendor "Haxx" for product "Curl" and version "7.38.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.39.0 Search vendor "Haxx" for product "Curl" and version "7.39.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.40.0 Search vendor "Haxx" for product "Curl" and version "7.40.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.41.0 Search vendor "Haxx" for product "Curl" and version "7.41.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.37.0 Search vendor "Haxx" for product "Libcurl" and version "7.37.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.37.1 Search vendor "Haxx" for product "Libcurl" and version "7.37.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.38.0 Search vendor "Haxx" for product "Libcurl" and version "7.38.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.39 Search vendor "Haxx" for product "Libcurl" and version "7.39" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.40.0 Search vendor "Haxx" for product "Libcurl" and version "7.40.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.41.0 Search vendor "Haxx" for product "Libcurl" and version "7.41.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||