Vulnerability CVE-2015-3144: Information
Description
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80".
Severity: CRITICAL (9.0)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
curl | sisyphus | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | p10 | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | p9 | 7.42.0-alt1 | 7.79.0-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c10f1 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c9f2 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c7 | 7.56.1-alt1.M70C.1.1 | 7.56.1-alt1.M70C.1.1 | ALT-PU-2018-1442-1 | 202075 | Fixed |
curl | p11 | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |