CVE-2017-1000100

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

References

http://www.debian.org/security/2017/dsa-3992

http://www.securityfocus.com/bid/100286

http://www.securitytracker.com/id/1039118

https://access.redhat.com/errata/RHSA-2018:3558

https://curl.haxx.se/docs/adv_20170809B.html

https://security.gentoo.org/glsa/201709-14

https://support.apple.com/HT208221

Details

Source: MITRE

Published: 2017-10-05

Updated: 2018-11-13

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
125003EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550)NessusHuawei Local Security Checks
critical
700512macOS 10.13.x < 10.13.1 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
123892EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206)NessusHuawei Local Security Checks
critical
123849EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1163)NessusHuawei Local Security Checks
medium
122705EulerOS Virtualization 2.5.2 : curl (EulerOS-SA-2019-1083)NessusHuawei Local Security Checks
medium
121761Photon OS 2.0: Curl PHSA-2017-0045NessusPhotonOS Local Security Checks
critical
121748Photon OS 1.0: Curl PHSA-2017-0041NessusPhotonOS Local Security Checks
critical
120990EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)NessusHuawei Local Security Checks
critical
119916EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427)NessusHuawei Local Security Checks
critical
119529EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401)NessusHuawei Local Security Checks
critical
111894Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated)NessusPhotonOS Local Security Checks
critical
111890Photon OS 1.0: Curl / Freetype2 / Glibc / Systemd PHSA-2017-0041 (deprecated)NessusPhotonOS Local Security Checks
critical
104379macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)NessusMacOS X Local Security Checks
critical
104378macOS 10.13.x < 10.13.1 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
103773Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1)NessusUbuntu Local Security Checks
high
103715Debian DSA-3992-1 : curl - security updateNessusDebian Local Security Checks
high
103282GLSA-201709-14 : cURL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
102910SUSE SLES11 Security Update : curl (SUSE-SU-2017:2312-1)NessusSuSE Local Security Checks
high
102877Amazon Linux AMI : curl (ALAS-2017-889)NessusAmazon Linux Local Security Checks
medium
102597Debian DLA-1062-1 : curl security updateNessusDebian Local Security Checks
medium
102566openSUSE Security Update : curl (openSUSE-2017-951)NessusSuSE Local Security Checks
medium
102540SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1)NessusSuSE Local Security Checks
medium
102463Fedora 25 : curl (2017-f2df9d7772)NessusFedora Local Security Checks
medium
102462Fedora 26 : curl (2017-f1ffd18079)NessusFedora Local Security Checks
medium
102365Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01)NessusSlackware Local Security Checks
medium
102330FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)NessusFreeBSD Local Security Checks
medium