The fix_hostname function in cURL and libcurl 7.37.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by ":80" and ":80."
Vulnerable Product |
---|
oracle mysql enterprise monitor |
haxx curl 7.39.0 |
haxx curl 7.40.0 |
haxx curl 7.37.0 |
haxx curl 7.41.0 |
haxx curl 7.37.1 |
haxx curl 7.38.0 |
haxx libcurl 7.40.0 |
haxx libcurl 7.41.0 |
haxx libcurl 7.37.0 |
haxx libcurl 7.37.1 |
haxx libcurl 7.38.0 |
haxx libcurl 7.39 |
canonical ubuntu linux 14.10 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 15.04 |
debian debian linux 7.0 |