Vulnerability CVE-2015-3237: Information

Description

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

Severity: MEDIUM (6.4)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3237
Published: June 22, 2015
Modified: Oct. 17, 2018
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus7.43.0-alt18.7.1-alt2ALT-PU-2015-1555-1145590Fixed
curlp107.43.0-alt18.7.1-alt2ALT-PU-2015-1555-1145590Fixed
curlp97.43.0-alt17.79.0-alt2ALT-PU-2015-1555-1145590Fixed
curlc10f17.43.0-alt18.6.0-alt1ALT-PU-2015-1555-1145590Fixed
curlc9f27.43.0-alt18.6.0-alt1ALT-PU-2015-1555-1145590Fixed
curlc77.56.1-alt1.M70C.1.17.56.1-alt1.M70C.1.1ALT-PU-2018-1442-1202075Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://curl.haxx.se/docs/adv_20150617B.html
  • Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
  • Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  • Patch
  • Third Party Advisory
91787
  • Third Party Advisory
  • VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
    http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
      75387
        FEDORA-2015-10155
          GLSA-201509-02
            1036371
              http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

                  1. Configuration 1

                    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
                    cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*

                    Configuration 2

                    cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
                    End including
                    7.5.3.1

                    Configuration 3

                    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
                    cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*
                    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*
                    cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*
                    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.1
                Back to top