CVE-2017-1000101
curl: URL globbing out of bounds read
Public Exploits: 0
Descriptions
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so the read could be made to return something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
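As an added example (not curl's code and not from the advisory), a constructed range parser in C showing the two checks that close off this class of read: testing for the string terminator before each expected delimiter, and rejecting a strtoul() overflow such as the oversized number in the advisory's trigger URL. The names `parse_glob_range`, `parse_num` and `num_range` are my own.

```c
/* Constructed illustration, not curl's code: a "[min-max]" or "[min-max:step]"
 * URL-glob range parser that tests for the NUL terminator before every advance
 * and rejects strtoul() overflow, so the advisory's trigger fragment
 * "[0-60000000000000000000" (oversized number, no ']') is refused outright. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

struct num_range { unsigned long min_n, max_n, step; };

/* Parse an unsigned decimal at *p and move *p past it (strtoul stops at the
 * NUL at worst). Returns -1 when there are no digits or the value overflows. */
static int parse_num(const char **p, unsigned long *out)
{
    char *end;
    if(!isdigit((unsigned char)**p))
        return -1;
    errno = 0;
    *out = strtoul(*p, &end, 10);
    if(errno == ERANGE)          /* e.g. 60000000000000000000 > ULONG_MAX */
        return -1;
    *p = end;
    return 0;
}

/* Returns the bytes consumed by a well-formed range at the start of s, else 0.
 * A NUL where a delimiter is expected means the range was cut short: reject
 * it in place instead of stepping past the end of the buffer. */
int parse_glob_range(const char *s, struct num_range *r)
{
    const char *p = s;
    if(*p != '[')
        return 0;
    p++;
    if(parse_num(&p, &r->min_n) || *p != '-')
        return 0;
    p++;
    if(parse_num(&p, &r->max_n))
        return 0;
    r->step = 1;
    if(*p == ':') {
        p++;
        if(parse_num(&p, &r->step) || r->step == 0)
            return 0;
    }
    if(*p != ']' || r->min_n > r->max_n)
        return 0;
    return (int)(p + 1 - s);
}
```

Calling `parse_glob_range` on the advisory's fragment returns 0 (rejected at the ERANGE check) while `[0-9]` returns 5 bytes consumed.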
Timeline
- 2017-08-09 CVE Published
- 2017-10-03 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
References (9)

URL | Tag | Date
---|---|---
http://www.securityfocus.com/bid/100249 | Third Party Advisory | |
http://www.securitytracker.com/id/1039117 | Third Party Advisory | |
https://support.apple.com/HT208221 | X_refsource_confirm | |
http://www.debian.org/security/2017/dsa-3992 | | 2018-11-13
https://access.redhat.com/errata/RHSA-2018:3558 | | 2018-11-13
https://curl.haxx.se/docs/adv_20170809A.html | | 2018-11-13
https://security.gentoo.org/glsa/201709-14 | | 2018-11-13
https://access.redhat.com/security/cve/CVE-2017-1000101 | | 2018-11-13
https://bugzilla.redhat.com/show_bug.cgi?id=1478309 | | 2018-11-13
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Haxx | Curl | 7.4.1 | Affected
Haxx | Curl | 7.35.0 | Affected
Haxx | Curl | 7.36.0 | Affected
Haxx | Curl | 7.37.0 | Affected
Haxx | Curl | 7.37.1 | Affected
Haxx | Curl | 7.38.0 | Affected
Haxx | Curl | 7.39.0 | Affected
Haxx | Curl | 7.40.0 | Affected
Haxx | Curl | 7.41.0 | Affected
Haxx | Curl | 7.42.0 | Affected
Haxx | Curl | 7.42.1 | Affected
Haxx | Curl | 7.43.0 | Affected
Haxx | Curl | 7.44.0 | Affected
Haxx | Curl | 7.45.0 | Affected
Haxx | Curl | 7.46.0 | Affected
Haxx | Curl | 7.47.0 | Affected
Haxx | Curl | 7.47.1 | Affected
Haxx | Curl | 7.48.0 | Affected
Haxx | Curl | 7.49.0 | Affected
Haxx | Curl | 7.49.1 | Affected
Haxx | Curl | 7.50.0 | Affected
Haxx | Curl | 7.50.1 | Affected
Haxx | Curl | 7.50.2 | Affected
Haxx | Curl | 7.50.3 | Affected
Haxx | Curl | 7.51.0 | Affected
Haxx | Curl | 7.52.0 | Affected
Haxx | Curl | 7.52.1 | Affected
Haxx | Curl | 7.53.0 | Affected
Haxx | Curl | 7.53.1 | Affected
Haxx | Curl | 7.54.0 | Affected
Haxx | Curl | 7.54.1 | Affected
Haxx | Curl | 7.55.0 | Affected