CVE-2017-1000100
curl: TFTP sends more than buffer size
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This oversized value is then used in the sendto() call, making curl attempt to send more data than was actually put into the buffer. The sendto() function will then read beyond the end of the heap-based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it into sending private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.
Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. Various other issues were also addressed.
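The length-accounting defect described above, next to one sound form, as an added C example written for this page (it is not curl's code): a TFTP request builder that truncates the file name to fit the packet buffer but still reports the untruncated length to the caller, beside one that rejects an overlong name and reports only bytes actually written. BLKSIZE, the function names and the constructed all-'A' file names are assumptions of the example; libcurl's real buffer is far larger, and the mode string is assumed short.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the CVE-2017-1000100 defect class, not curl's code.
 * A TFTP read request on the wire is: 2-byte opcode, file name, NUL,
 * transfer mode, NUL. BLKSIZE is an assumed, deliberately small packet
 * buffer so the arithmetic is easy to follow (curl's is much larger). */
#define BLKSIZE 32

struct tftp_packet { unsigned char data[BLKSIZE]; };
typedef size_t (*builder_fn)(struct tftp_packet *, const char *, const char *);

/* Buggy pattern: the file name is truncated so the copy fits, but the
 * returned byte count (what the caller would hand to sendto()) still uses
 * the full name length, so sendto() would read past the end of pkt->data. */
size_t build_rrq_buggy(struct tftp_packet *pkt, const char *name, const char *mode)
{
    size_t name_len = strlen(name), mode_len = strlen(mode);
    size_t room = BLKSIZE - 4 - mode_len;            /* bytes left for the name */
    size_t copied = name_len < room ? name_len : room;
    pkt->data[0] = 0; pkt->data[1] = 1;              /* opcode 1 = RRQ */
    memcpy(pkt->data + 2, name, copied);
    pkt->data[2 + copied] = 0;
    memcpy(pkt->data + 3 + copied, mode, mode_len + 1);
    return 4 + name_len + mode_len;                  /* BUG: name_len, not copied */
}

/* Fixed pattern: refuse a name that does not fit instead of silently
 * truncating it, so the returned length always matches the bytes written. */
size_t build_rrq_fixed(struct tftp_packet *pkt, const char *name, const char *mode)
{
    size_t name_len = strlen(name), mode_len = strlen(mode);
    if (name_len + mode_len + 4 > BLKSIZE)
        return 0;                                    /* caller treats 0 as an error */
    pkt->data[0] = 0; pkt->data[1] = 1;
    memcpy(pkt->data + 2, name, name_len + 1);
    memcpy(pkt->data + 3 + name_len, mode, mode_len + 1);
    return 4 + name_len + mode_len;
}

/* Run a builder on a constructed name of name_len 'A's with mode "octet". */
size_t demo(builder_fn build, size_t name_len)
{
    struct tftp_packet pkt; char name[256];
    memset(name, 'A', name_len); name[name_len] = 0;
    return build(&pkt, name, "octet");
}

int main(void)
{
    printf("buggy claims %zu bytes for a %d-byte buffer; fixed returns %zu (error)\n",
           demo(build_rrq_buggy, 63), BLKSIZE, demo(build_rrq_fixed, 63));
    return 0;
}
```

A 63-byte name makes the buggy builder report 72 bytes for a 32-byte buffer, which is exactly the over-read the advisory describes; the fixed builder returns 0 and the caller never reaches sendto().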
SSVC
- Decision: -
Timeline
- 2017-08-09 CVE Published
- 2017-10-03 CVE Reserved
- 2024-08-05 CVE Updated
- 2025-04-03 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-125: Out-of-bounds Read
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (9)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/100286 | Third Party Advisory |
http://www.securitytracker.com/id/1039118 | Third Party Advisory |
https://support.apple.com/HT208221 | X_refsource_confirm |

URL | Date | SRC
---|---|---
https://curl.haxx.se/docs/adv_20170809B.html | 2018-11-13 |
https://security.gentoo.org/glsa/201709-14 | 2018-11-13 |

URL | Date | SRC
---|---|---
http://www.debian.org/security/2017/dsa-3992 | 2018-11-13 |
https://access.redhat.com/errata/RHSA-2018:3558 | 2018-11-13 |
https://access.redhat.com/security/cve/CVE-2017-1000100 | 2018-11-13 |
https://bugzilla.redhat.com/show_bug.cgi?id=1478310 | 2018-11-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Haxx | Libcurl | 7.15.0 | - | Affected
Haxx | Libcurl | 7.15.1 | - | Affected
Haxx | Libcurl | 7.15.2 | - | Affected
Haxx | Libcurl | 7.15.3 | - | Affected
Haxx | Libcurl | 7.15.4 | - | Affected
Haxx | Libcurl | 7.15.5 | - | Affected
Haxx | Libcurl | 7.16.0 | - | Affected
Haxx | Libcurl | 7.16.1 | - | Affected
Haxx | Libcurl | 7.16.2 | - | Affected
Haxx | Libcurl | 7.16.3 | - | Affected
Haxx | Libcurl | 7.16.4 | - | Affected
Haxx | Libcurl | 7.17.0 | - | Affected
Haxx | Libcurl | 7.17.1 | - | Affected
Haxx | Libcurl | 7.18.0 | - | Affected
Haxx | Libcurl | 7.18.1 | - | Affected
Haxx | Libcurl | 7.18.2 | - | Affected
Haxx | Libcurl | 7.19.0 | - | Affected
Haxx | Libcurl | 7.19.1 | - | Affected
Haxx | Libcurl | 7.19.2 | - | Affected
Haxx | Libcurl | 7.19.3 | - | Affected
Haxx | Libcurl | 7.19.4 | - | Affected
Haxx | Libcurl | 7.19.5 | - | Affected
Haxx | Libcurl | 7.19.6 | - | Affected
Haxx | Libcurl | 7.19.7 | - | Affected
Haxx | Libcurl | 7.20.0 | - | Affected
Haxx | Libcurl | 7.20.1 | - | Affected
Haxx | Libcurl | 7.21.0 | - | Affected
Haxx | Libcurl | 7.21.1 | - | Affected
Haxx | Libcurl | 7.21.2 | - | Affected
Haxx | Libcurl | 7.21.3 | - | Affected
Haxx | Libcurl | 7.21.4 | - | Affected
Haxx | Libcurl | 7.21.5 | - | Affected
Haxx | Libcurl | 7.21.6 | - | Affected
Haxx | Libcurl | 7.21.7 | - | Affected
Haxx | Libcurl | 7.22.0 | - | Affected
Haxx | Libcurl | 7.23.0 | - | Affected
Haxx | Libcurl | 7.23.1 | - | Affected
Haxx | Libcurl | 7.24.0 | - | Affected
Haxx | Libcurl | 7.25.0 | - | Affected
Haxx | Libcurl | 7.26.0 | - | Affected
Haxx | Libcurl | 7.27.0 | - | Affected
Haxx | Libcurl | 7.28.0 | - | Affected
Haxx | Libcurl | 7.28.1 | - | Affected
Haxx | Libcurl | 7.29.0 | - | Affected
Haxx | Libcurl | 7.30.0 | - | Affected
Haxx | Libcurl | 7.31.0 | - | Affected
Haxx | Libcurl | 7.32.0 | - | Affected
Haxx | Libcurl | 7.33.0 | - | Affected
Haxx | Libcurl | 7.34.0 | - | Affected
Haxx | Libcurl | 7.35.0 | - | Affected
Haxx | Libcurl | 7.36.0 | - | Affected
Haxx | Libcurl | 7.37.0 | - | Affected
Haxx | Libcurl | 7.37.1 | - | Affected
Haxx | Libcurl | 7.38.0 | - | Affected
Haxx | Libcurl | 7.39 | - | Affected
Haxx | Libcurl | 7.40.0 | - | Affected
Haxx | Libcurl | 7.41.0 | - | Affected
Haxx | Libcurl | 7.42.0 | - | Affected
Haxx | Libcurl | 7.42.1 | - | Affected
Haxx | Libcurl | 7.43.0 | - | Affected
Haxx | Libcurl | 7.44.0 | - | Affected
Haxx | Libcurl | 7.45.0 | - | Affected
Haxx | Libcurl | 7.46.0 | - | Affected
Haxx | Libcurl | 7.47.0 | - | Affected
Haxx | Libcurl | 7.47.1 | - | Affected
Haxx | Libcurl | 7.48.0 | - | Affected
Haxx | Libcurl | 7.49.0 | - | Affected
Haxx | Libcurl | 7.49.1 | - | Affected
Haxx | Libcurl | 7.50.0 | - | Affected
Haxx | Libcurl | 7.50.1 | - | Affected
Haxx | Libcurl | 7.50.2 | - | Affected
Haxx | Libcurl | 7.50.3 | - | Affected
Haxx | Libcurl | 7.51.0 | - | Affected
Haxx | Libcurl | 7.52.0 | - | Affected
Haxx | Libcurl | 7.52.1 | - | Affected
Haxx | Libcurl | 7.53.0 | - | Affected
Haxx | Libcurl | 7.53.1 | - | Affected
Haxx | Libcurl | 7.54.0 | - | Affected
Haxx | Libcurl | 7.54.1 | - | Affected