CVE-2015-3145 (GCVE-0-2015-3145)

Vulnerability from cvelistv5 – Published: 2015-04-24 14:00 – Updated: 2024-08-06 05:39

Summary

Severity

No CVSS data available.

CWE

Assigner

redhat

References

20 references

URL	Tags
http://www.securityfocus.com/bid/74303	vdb-entryx_refsource_BID
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.debian.org/security/2015/dsa-3232	vendor-advisoryx_refsource_DEBIAN
http://curl.haxx.se/docs/adv_20150422C.html	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-2591-1	vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id/1032232	vdb-entryx_refsource_SECTRACK
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://advisories.mageia.org/MGASA-2015-0179.html	x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
https://support.apple.com/kb/HT205031	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201509-02	vendor-advisoryx_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2015-04-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:30.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "74303",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74303"
          },
          {
            "name": "FEDORA-2015-6853",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
          },
          {
            "name": "DSA-3232",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20150422C.html"
          },
          {
            "name": "FEDORA-2015-6712",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html"
          },
          {
            "name": "MDVSA-2015:219",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219"
          },
          {
            "name": "USN-2591-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2591-1"
          },
          {
            "name": "1032232",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032232"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "openSUSE-SU-2015:0799",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0179.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "GLSA-201509-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201509-02"
          },
          {
            "name": "FEDORA-2015-6728",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html"
          },
          {
            "name": "FEDORA-2015-6695",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html"
          },
          {
            "name": "FEDORA-2015-6864",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T00:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "74303",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74303"
        },
        {
          "name": "FEDORA-2015-6853",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
        },
        {
          "name": "DSA-3232",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20150422C.html"
        },
        {
          "name": "FEDORA-2015-6712",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html"
        },
        {
          "name": "MDVSA-2015:219",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219"
        },
        {
          "name": "USN-2591-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2591-1"
        },
        {
          "name": "1032232",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032232"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "openSUSE-SU-2015:0799",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0179.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "name": "GLSA-201509-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201509-02"
        },
        {
          "name": "FEDORA-2015-6728",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html"
        },
        {
          "name": "FEDORA-2015-6695",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html"
        },
        {
          "name": "FEDORA-2015-6864",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3145",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74303",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74303"
            },
            {
              "name": "FEDORA-2015-6853",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
            },
            {
              "name": "DSA-3232",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3232"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20150422C.html",
              "refsource": "CONFIRM",
              "url": "http://curl.haxx.se/docs/adv_20150422C.html"
            },
            {
              "name": "FEDORA-2015-6712",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html"
            },
            {
              "name": "MDVSA-2015:219",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219"
            },
            {
              "name": "USN-2591-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2591-1"
            },
            {
              "name": "1032232",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032232"
            },
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "openSUSE-SU-2015:0799",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0179.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0179.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "GLSA-201509-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201509-02"
            },
            {
              "name": "FEDORA-2015-6728",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html"
            },
            {
              "name": "FEDORA-2015-6695",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html"
            },
            {
              "name": "FEDORA-2015-6864",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3145",
    "datePublished": "2015-04-24T14:00:00.000Z",
    "dateReserved": "2015-04-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:39:30.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-3145",
      "date": "2026-05-26",
      "epss": "0.67994",
      "percentile": "0.98613"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BDB5A0-0839-4A20-A003-B8CD56F48171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49A63F39-30BE-443F-AF10-6245587D3359\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ECABFCB-0D02-4B5B-BB35-C6B3C0896348\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A5176F0-E62F-46FF-B536-DC0680696773\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"506A3761-3D24-43DB-88D8-4EB5B9E8BA5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B6EF8B0-0E86-449C-A500-ACD902A78C7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D558CC2-0146-4887-834E-19FCB1D512A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6931764D-16AB-4546-9CE3-5B4E03BC984A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DEBBFCA-6A18-4F8F-B841-50255C952FA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEEAE437-A645-468B-B283-44799658F534\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8A2286E-9D1C-4B56-8B40-150201B818AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"831B1114-7CA7-43E3-9A15-592218060A1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8B0A12E-E122-4189-A05E-4FEA43C19876\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3B6BFFB-7967-482C-9B49-4BD25C815299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260DD751-4145-4B75-B892-5FC932C6A305\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3831AB03-4E7E-476D-9623-58AADC188DFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FAC1B55-F492-484E-B837-E7745682DE0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9A12DF7-62C5-46AD-9236-E2821C64156E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"257291FB-969C-4413-BA81-806B5E1B40A7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.5.3.1\", \"matchCriteriaId\": \"D06BF4CE-299F-42E4-BA0A-5D68788C92DF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegaci\\u00f3n de servicio (escritura fuera de rango y ca\\u00edda) o posiblemente tener otro impacto no especificado a trav\\u00e9s de una ruta de cookie que contiene solamente un car\\u00e1cter de comillas dobles.\"}]",
      "id": "CVE-2015-3145",
      "lastModified": "2024-11-21T02:28:46.150",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-24T14:59:10.157",
      "references": "[{\"url\": \"http://advisories.mageia.org/MGASA-2015-0179.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://curl.haxx.se/docs/adv_20150422C.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3232\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74303\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032232\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2591-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201509-02\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2015-0179.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://curl.haxx.se/docs/adv_20150422C.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2015/dsa-3232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74303\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2591-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201509-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3145\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-24T14:59:10.157\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda) o posiblemente tener otro impacto no especificado a trav\u00e9s de una ruta de cookie que contiene solamente un car\u00e1cter de comillas dobles.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A63F39-30BE-443F-AF10-6245587D3359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ECABFCB-0D02-4B5B-BB35-C6B3C0896348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A5176F0-E62F-46FF-B536-DC0680696773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"506A3761-3D24-43DB-88D8-4EB5B9E8BA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B6EF8B0-0E86-449C-A500-ACD902A78C7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D558CC2-0146-4887-834E-19FCB1D512A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6931764D-16AB-4546-9CE3-5B4E03BC984A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEBBFCA-6A18-4F8F-B841-50255C952FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEEAE437-A645-468B-B283-44799658F534\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A2286E-9D1C-4B56-8B40-150201B818AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831B1114-7CA7-43E3-9A15-592218060A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B0A12E-E122-4189-A05E-4FEA43C19876\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B6BFFB-7967-482C-9B49-4BD25C815299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260DD751-4145-4B75-B892-5FC932C6A305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3831AB03-4E7E-476D-9623-58AADC188DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC1B55-F492-484E-B837-E7745682DE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A12DF7-62C5-46AD-9236-E2821C64156E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257291FB-969C-4413-BA81-806B5E1B40A7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.5.3.1\",\"matchCriteriaId\":\"D06BF4CE-299F-42E4-BA0A-5D68788C92DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422C.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74303\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422C.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

VAR-201504-0149

Vulnerability from variot - Updated: 2023-12-18 11:26

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the 'sanitize_cookie_path' function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.04
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)

Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144)

Hanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)

Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2

Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4

Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5

Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2591-1 CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153

Package Information: https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02

                                       https://security.gentoo.org/

Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02

Synopsis

Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.

Background

cURL is a tool and libcurl is a library for transferring data with URL syntax.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/curl < 7.43.0 >= 7.43.0

Description

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"

References

[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201509-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-3232-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini April 22, 2015 http://www.debian.org/security/faq

Package : curl CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148

Several vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2015-3143

NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent
over the connection authenticated as a different user. This is
similar to the issue fixed in DSA-2849-1.

CVE-2015-3144

When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.

CVE-2015-3145

When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.

CVE-2015-3148

When doing HTTP requests using the Negotiate authentication method
along with NTLM, the connection used would not be marked as
authenticated, making it possible to reuse it and send requests for
one user over the connection authenticated as a different user.

For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.

For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj D3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi qpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea ot3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy KyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7 m0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz QqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY iG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0 pDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5 TPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI mRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j 3UCM8MZyw4I0qI5KGlL1 =FvPw -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz

Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz

Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz

Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz

Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz

Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz

Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg curl-7.45.0-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html

Updated Packages:

Mandriva Business Server 2/X86_64: b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0149",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fedoraproject",
        "version": "21"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.31.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.40.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.41.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.35.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.32.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.36.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.37.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.33.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.34.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.39.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.38.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.10"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.37.1"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.31.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.40.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.41.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.30.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.35.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.36.0"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.32.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.39"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.34.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.37.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.33.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.38.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.37.1"
      },
      {
        "model": "system management homepage",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "7.5.3.1"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "curl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "haxx",
        "version": "7.31.0 to  7.41.0"
      },
      {
        "model": "libcurl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "haxx",
        "version": "7.31.0 to  7.41.0"
      },
      {
        "model": "opensuse",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B\u0026amp;amp;ouml;ck",
    "sources": [
      {
        "db": "BID",
        "id": "74303"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3145",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3145",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81106",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3145",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-502",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81106",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3145",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the \u0027sanitize_cookie_path\u0027 function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================\nUbuntu Security Notice USN-2591-1\nApril 30, 2015\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nParas Sethia discovered that curl could incorrectly re-use NTLM HTTP\ncredentials when subsequently connecting to the same host over HTTP. \n(CVE-2015-3143)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. \n(CVE-2015-3144)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)\n\nYehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers\nboth to servers and proxies by default, contrary to expectations. This\nissue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libcurl3                        7.38.0-3ubuntu2.2\n  libcurl3-gnutls                 7.38.0-3ubuntu2.2\n  libcurl3-nss                    7.38.0-3ubuntu2.2\n\nUbuntu 14.10:\n  libcurl3                        7.37.1-1ubuntu3.4\n  libcurl3-gnutls                 7.37.1-1ubuntu3.4\n  libcurl3-nss                    7.37.1-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libcurl3                        7.35.0-1ubuntu2.5\n  libcurl3-gnutls                 7.35.0-1ubuntu2.5\n  libcurl3-nss                    7.35.0-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n  libcurl3                        7.22.0-3ubuntu4.14\n  libcurl3-gnutls                 7.22.0-3ubuntu4.14\n  libcurl3-nss                    7.22.0-3ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2591-1\n  CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148,\n  CVE-2015-3153\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2\n  https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4\n  https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5\n  https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: cURL: Multiple vulnerabilities\n     Date: September 24, 2015\n     Bugs: #547376, #552618\n       ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl                \u003c 7.43.0                  \u003e= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3232-1                   security@debian.org\nhttp://www.debian.org/security/                        Alessandro Ghedini\nApril 22, 2015                         http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : curl\nCVE ID         : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148\n\nSeveral vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2015-3143\n\n    NTLM-authenticated connections could be wrongly reused for requests\n    without any credentials set, leading to HTTP requests being sent\n    over the connection authenticated as a different user. This is\n    similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n    When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n    libcurl would try to read from an invalid memory address. This\n    issue only affects the upcoming stable (jessie) and unstable (sid)\n    distributions. \n\nCVE-2015-3145\n\n    When parsing HTTP cookies, if the parsed cookie\u0027s \"path\" element\n    consists of a single double-quote, libcurl would try to write to an\n    invalid heap memory address. This issue only affects the\n    upcoming stable (jessie) and unstable (sid) distributions. \n\nCVE-2015-3148\n\n    When doing HTTP requests using the Negotiate authentication method\n    along with NTLM, the connection used would not be marked as\n    authenticated, making it possible to reuse it and send requests for\n    one user over the connection authenticated as a different user. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj\nD3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi\nqpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea\not3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy\nKyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7\nm0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz\nQqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY\niG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0\npDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5\nTPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI\nmRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j\n3UCM8MZyw4I0qI5KGlL1\n=FvPw\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741  curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7  curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d  curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9  curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052  curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400  curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21  curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7  curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b  curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021  curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3  n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81  n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n b393afe9953fd43da5f93c4451f4f84d  mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm\n 545e67ed6bcaa35849991a672247aaec  mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm\n 489d8f2de0435424263da4be0dd0280d  mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm\n f0e972e99602adee6f11ae901daedc39  mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm \n 7dfe1a041b36ad253d3e609a1ee5a089  mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "BID",
        "id": "74303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "PACKETSTORM",
        "id": "131699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "db": "PACKETSTORM",
        "id": "131588"
      },
      {
        "db": "PACKETSTORM",
        "id": "134138"
      },
      {
        "db": "PACKETSTORM",
        "id": "131727"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3145",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74303",
        "trust": 1.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10743",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1032232",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "64164",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "64284",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81106",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131699",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133700",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131588",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134138",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131727",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "BID",
        "id": "74303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "131699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "db": "PACKETSTORM",
        "id": "131588"
      },
      {
        "db": "PACKETSTORM",
        "id": "134138"
      },
      {
        "db": "PACKETSTORM",
        "id": "131727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "id": "VAR-201504-0149",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:26:55.441000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "DSA-3232",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2015/dsa-3232"
      },
      {
        "title": "FEDORA-2015-6695",
        "trust": 0.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html"
      },
      {
        "title": "FEDORA-2015-6728",
        "trust": 0.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html"
      },
      {
        "title": "FEDORA-2015-6853",
        "trust": 0.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html"
      },
      {
        "title": "FEDORA-2015-6864",
        "trust": 0.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "title": "openSUSE-SU-2015:0799",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
      },
      {
        "title": "cookie parser out of boundary memory access",
        "trust": 0.8,
        "url": "http://curl.haxx.se/docs/adv_20150422c.html"
      },
      {
        "title": "USN-2591-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/usn-2591-1"
      },
      {
        "title": "curl-curl-7_42_0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55216"
      },
      {
        "title": "curl-curl-7_42_0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55215"
      },
      {
        "title": "Red Hat: CVE-2015-3145",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3145"
      },
      {
        "title": "Debian Security Advisories: DSA-3232-1 curl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9"
      },
      {
        "title": "Ubuntu Security Notice: curl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2591-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-514",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-514"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0179.html"
      },
      {
        "trust": 2.1,
        "url": "http://curl.haxx.se/docs/adv_20150422c.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3232"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/74303"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201509-02"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2591-1"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032232"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3145"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/64164"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/64284"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144"
      },
      {
        "trust": 0.3,
        "url": "http://curl.haxx.se/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903004"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903006"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3145"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2591-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3153"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://:80\"),"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "BID",
        "id": "74303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "131699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "db": "PACKETSTORM",
        "id": "131588"
      },
      {
        "db": "PACKETSTORM",
        "id": "134138"
      },
      {
        "db": "PACKETSTORM",
        "id": "131727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "db": "BID",
        "id": "74303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "db": "PACKETSTORM",
        "id": "131699"
      },
      {
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "db": "PACKETSTORM",
        "id": "131588"
      },
      {
        "db": "PACKETSTORM",
        "id": "134138"
      },
      {
        "db": "PACKETSTORM",
        "id": "131727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "date": "2015-04-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "date": "2015-04-22T00:00:00",
        "db": "BID",
        "id": "74303"
      },
      {
        "date": "2015-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "date": "2015-04-30T15:48:24",
        "db": "PACKETSTORM",
        "id": "131699"
      },
      {
        "date": "2015-09-25T06:54:51",
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "date": "2015-04-22T20:15:37",
        "db": "PACKETSTORM",
        "id": "131588"
      },
      {
        "date": "2015-10-30T23:23:03",
        "db": "PACKETSTORM",
        "id": "134138"
      },
      {
        "date": "2015-05-04T17:18:27",
        "db": "PACKETSTORM",
        "id": "131727"
      },
      {
        "date": "2015-04-24T14:59:10.157000",
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81106"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3145"
      },
      {
        "date": "2016-07-06T14:27:00",
        "db": "BID",
        "id": "74303"
      },
      {
        "date": "2016-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      },
      {
        "date": "2018-10-30T16:27:35.843000",
        "db": "NVD",
        "id": "CVE-2015-3145"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133700"
      },
      {
        "db": "PACKETSTORM",
        "id": "131727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cURL and  libcurl of  sanitize_cookie_path Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002486"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-502"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3145 (GCVE-0-2015-3145)

VAR-201504-0149

curl vulnerabilities

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

upgradepkg curl-7.45.0-i486-1_slack14.1.txz

Tags

Sightings

Nomenclature