CVE-2017-8818
Gentoo Linux Security Advisory 201712-04
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
curl y libcurl en versiones anteriores a la 7.57.0 en plataformas de 32 bits permiten que los atacantes provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado de la aplicación) o, posiblemente, provoquen otro impacto porque se asigna demasiado poca memoria para interconectarse con una librería SSL.
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-05-07 CVE Reserved
- 2017-11-29 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://security.cucumberlinux.com/security/details.php?id=163 | Third Party Advisory | |
| http://www.securityfocus.com/bid/102014 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039898 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://curl.haxx.se/docs/adv_2017-af0a.html | 2017-12-20 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201712-04 | 2017-12-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.56.0 Search vendor "Haxx" for product "Curl" and version "7.56.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.56.1 Search vendor "Haxx" for product "Curl" and version "7.56.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.56.0 Search vendor "Haxx" for product "Libcurl" and version "7.56.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.56.1 Search vendor "Haxx" for product "Libcurl" and version "7.56.1" | - |
Affected
| ||||||