CURL-CVE-2017-1000101

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2017-1000101.html
Import Source
https://curl.se/docs/CURL-CVE-2017-1000101.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2017-1000101
Aliases
Published
2017-08-09T08:00:00Z
Modified
2024-07-02T09:22:24Z
Summary
URL globbing out of bounds read
Details

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers.

In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing.

An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.

Database specific 
{
    "CWE": {
        "id": "CWE-126",
        "desc": "Buffer Over-read"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2017-1000101.json",
    "severity": "Medium",
    "www": "https://curl.se/docs/CVE-2017-1000101.html",
    "last_affected": "7.54.1"
}
References
Credits
    • Brian Carpenter - FINDER
    • Yongji Ouyang - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.34.0
Fixed
7.55.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
5ca96cb84410270e233c92bf1b2583cba40c3fad
Fixed
453e7a7a03a2cec749abd3878a48e728c515cca7

Affected versions

7.*

7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1