curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers.
In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing.
An example of a URL that triggers the flaw would be
http://ur%20[0-60000000000000000000.
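The defensive pattern for this class of bug, as an added example that is not taken from curl's source: a numeric range parser that treats a number overflow or a missing terminator as a hard error and never advances past the terminating NUL. The function name `parse_num_range` is hypothetical, and every input except the range from the URL above is constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not curl's glob_range(): parse "[min-max]" at the
 * start of s (NUL-terminated). Returns 0 and fills min/max on success,
 * -1 on any malformed input. It never reads past the terminating NUL. */
static int parse_num_range(const char *s, unsigned long *min,
                           unsigned long *max)
{
  char *endp;

  if(*s++ != '[')
    return -1;

  /* strtoul() skips whitespace and accepts signs; require a digit first */
  if(!isdigit((unsigned char)*s))
    return -1;
  errno = 0;
  *min = strtoul(s, &endp, 10);
  if(errno || endp == s || *endp != '-')
    return -1;           /* overflow, no digits, or missing separator */

  s = endp + 1;          /* safe: *endp was '-', so endp + 1 is in bounds */
  if(!isdigit((unsigned char)*s))
    return -1;
  errno = 0;
  *max = strtoul(s, &endp, 10);
  /* On overflow (ERANGE) stop here instead of walking further. */
  if(errno || endp == s || *endp != ']')
    return -1;

  return (*min <= *max) ? 0 : -1;
}

int main(void)
{
  /* Range part of the URL quoted above, plus constructed inputs */
  const char *samples[] = { "[0-60000000000000000000", "[1-10]", "[5-", "[7" };
  unsigned long lo, hi;
  size_t i;
  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-26s -> %s\n", samples[i],
           parse_num_range(samples[i], &lo, &hi) ? "rejected" : "ok");
  return 0;
}
```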
{
  "last_affected": "7.54.1",
  "www": "https://curl.se/docs/CVE-2017-1000101.html",
  "severity": "Medium",
  "affects": "tool",
  "URL": "https://curl.se/docs/CVE-2017-1000101.json",
  "package": "curl",
  "CWE": {
    "id": "CWE-126",
    "desc": "Buffer Over-read"
  }
}
[
  {
    "signature_type": "Function",
    "deprecated": false,
    "source": "https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7",
    "digest": {
      "length": 2893.0,
      "function_hash": "60326349713164111015205419997284250710"
    },
    "id": "CURL-CVE-2017-1000101-d35fff0a",
    "signature_version": "v1",
    "target": {
      "function": "glob_range",
      "file": "src/tool_urlglob.c"
    }
  },
  {
    "signature_type": "Line",
    "deprecated": false,
    "source": "https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7",
    "digest": {
      "line_hashes": [
        "123150116165892801649156348291261903198",
        "285900347832440945719183793124713313729",
        "338786517253160465565202185010639599373",
        "254954250228785359441594206624569439575"
      ],
      "threshold": 0.9
    },
    "id": "CURL-CVE-2017-1000101-de4d641e",
    "signature_version": "v1",
    "target": {
      "file": "src/tool_urlglob.c"
    }
  }
]