The sanitize_cookie_path function in cURL and libcurl 7.31.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |
||
canonical ubuntu linux 12.04 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
haxx curl 7.37.1 |
||
haxx curl 7.38.0 |
||
haxx curl 7.33.0 |
||
haxx curl 7.34.0 |
||
haxx curl 7.35.0 |
||
haxx curl 7.41.0 |
||
haxx curl 7.36.0 |
||
haxx curl 7.37.0 |
||
haxx curl 7.31.0 |
||
haxx curl 7.32.0 |
||
haxx curl 7.39.0 |
||
haxx curl 7.40.0 |
||
apple mac os x 10.10.2 |
||
apple mac os x 10.10.3 |
||
apple mac os x 10.10.0 |
||
apple mac os x 10.10.1 |
||
apple mac os x 10.10.4 |
||
oracle solaris 11.3 |
||
haxx libcurl 7.32.0 |
||
haxx libcurl 7.33.0 |
||
haxx libcurl 7.40.0 |
||
haxx libcurl 7.41.0 |
||
haxx libcurl 7.37.0 |
||
haxx libcurl 7.37.1 |
||
haxx libcurl 7.30.0 |
||
haxx libcurl 7.31.0 |
||
haxx libcurl 7.38.0 |
||
haxx libcurl 7.39 |
||
haxx libcurl 7.34.0 |
||
haxx libcurl 7.35.0 |
||
haxx libcurl 7.36.0 |
||
hp system management homepage |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
Vulmon