- CVEs with nessus.description==Several vulnerabilities have been discovered in cURL, a URL transfer
library. The Common Vulnerabilities and Exposures project identifies
the following problems :
- CVE-2017-1000100
  Even Rouault reported that cURL does not properly handle
  long file names when doing a TFTP upload. A malicious
  HTTP(S) server can take advantage of this flaw by
  redirecting a client using the cURL library to a crafted
  TFTP URL and trick it into sending private memory contents to
  a remote server over UDP.
- CVE-2017-1000101
  Brian Carpenter and Yongji Ouyang reported that cURL
  contains a flaw in the globbing function that parses the
  numerical range, leading to an out-of-bounds read when
  parsing a specially crafted URL.
- CVE-2017-1000254
  Max Dymond reported that cURL contains an out-of-bounds
  read flaw in the FTP PWD response parser. A malicious
  server can take advantage of this flaw to effectively
  prevent a client using the cURL library from working with it,
  causing a denial of service.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |