CVE-2015-3145
HIGH severity · CVSS 7.5 · Memory corruption
7.5CVSS HIGH
Summary
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)38%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://curl.haxx.se/docs/adv_20150422C.htmlAdvisory
- http://advisories.mageia.org/MGASA-2015-0179.htmlAdvisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.htmlAdvisory