// For flags

CVE-2015-3144

 

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

La función fix_hostname en cURL y libcurl 7.37.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera de rango y caída) o posiblemente tener otro impacto no especificado a través de un nombre de anfitrión de longitud cero, tal y como fue demostrado por 'http://:80' y ':80.'

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-10 CVE Reserved
  • 2015-04-22 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
<= 2.3.20
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 2.3.20"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
<= 3.0.22
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 3.0.22"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.37.0
Search vendor "Haxx" for product "Curl" and version "7.37.0"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.37.1
Search vendor "Haxx" for product "Curl" and version "7.37.1"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.38.0
Search vendor "Haxx" for product "Curl" and version "7.38.0"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.39.0
Search vendor "Haxx" for product "Curl" and version "7.39.0"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.40.0
Search vendor "Haxx" for product "Curl" and version "7.40.0"
-
Affected
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
7.41.0
Search vendor "Haxx" for product "Curl" and version "7.41.0"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.37.0
Search vendor "Haxx" for product "Libcurl" and version "7.37.0"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.37.1
Search vendor "Haxx" for product "Libcurl" and version "7.37.1"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.38.0
Search vendor "Haxx" for product "Libcurl" and version "7.38.0"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.39
Search vendor "Haxx" for product "Libcurl" and version "7.39"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.40.0
Search vendor "Haxx" for product "Libcurl" and version "7.40.0"
-
Affected
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
7.41.0
Search vendor "Haxx" for product "Libcurl" and version "7.41.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected