CVE-2017-1000100

Published Oct 5, 2017
Last updated 6 years ago
CVSS medium 6.5
Overview

Description: When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60BBDF07-DB97-433E-B542-EFEBE45550DB"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA8BE3F8-82ED-4DD7-991E-979E950C98B1"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "738AA231-4694-46E8-B559-1594263A9987"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9E1F171-B887-499A-BF4F-538EBF347811"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07AA276A-0EBA-4DC9-951C-8F8159FAC7A8"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DEEF534-9AD2-4439-9D69-E91D062C4647"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63643BE1-C978-4CD2-8ED1-2B979DB0676E"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6FA04A0-9258-4654-ABCF-F41340B1FA35"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE829230-AFDB-4131-9C6A-D9D7A66C5B57"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7E8BA30-8087-48D4-AE1B-48326FF826B8"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47970EFF-2F51-4875-A6BD-E30614E13278"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52C9B668-3204-41C5-A82E-262BDFA541DD"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08C8EE1E-E186-42D6-8B12-05865C73F261"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2C80901-D48E-4C2A-9BED-A40007A11C97"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331A51E4-AA73-486F-9618-5A83965F2436"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB32DF2C-9208-4853-ADEB-B00D764D7467"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E05636DC-7E38-4605-AAB8-81C0AE37520A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2171C7C-311A-4405-B95F-3A54966FA844"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE20A41-8B53-46FC-9002-69CC7495171F"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5293C7F0-BF9F-4768-889A-876CE78903CC"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "857B244C-2AFB-40C7-A893-7C6DE9871BCE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B732CE55-820A-40E0-A885-71BBB6CF8C15"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0455A5F2-1515-4CD8-BA2F-74D28E91A661"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29034B3A-BE9D-4D68-8C56-4465C03C3693"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6249538E-FBCB-4130-91FB-DA78D7BA45DE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EAE25A0-3828-46F1-AB30-88732CBC9F38"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1533A85C-2160-445D-8787-E624AEDC5A0C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87B9393-7EA4-43DA-900C-7E840AE2D4C2"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D1249E9-304F-4952-8DAB-8B79CE5E7D54"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29F8FF1F-A639-4161-9366-62528AAF4C07"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "812AB429-379A-4EDE-9664-5BC2989053F6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13DD791F-C4BD-4456-955A-92E84082AA09"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A17E442-45AA-4780-98B4-9BF764DCC1C5"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6AF544C-5F16-4434-B9FB-93B1B7318950"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C43697D-390A-4AC0-A5D8-62B6D22245BF"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52E9E9F-7A35-4CB9-813E-5A1D4A36415C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "257291FB-969C-4413-BA81-806B5E1B40A7"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88DC6ED5-4C1A-4ED0-97BA-B245C4A236C9"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51AA7383-3AA1-4A3B-BA46-BBA8FBDC10DD"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "003D8430-AA07-41B5-9F22-696C554CB277"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C3ED21E-7907-4248-A32F-BB3102A80DC6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E41520-CA31-4BA0-B247-F1DCAAE98DD6"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F2C633-D720-4FD9-9C75-2D4C57120357"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F2FBC9-059A-4299-B59F-8EFD797E3704"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "920FCC26-B458-46D8-B023-DB4C19A51718"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21C08D5-7454-4292-A87C-900C9494E38B"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B727926-90A2-4A7E-9905-70160C1E0D8D"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A247AE-B209-42BE-8BE7-865AE279D23E"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8429FF9B-D7EA-40E6-A6E8-961EA71F20C7"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D387194-720A-4D9C-928E-6FAF2EC6C33C"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2782D32-B023-47B1-A513-251D5093CE5A"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8373A4E6-BA92-4B5B-9E97-E8C1E8C22C13"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "084F63A4-64E4-48FC-8B8C-A4F3E7D39D08"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0D4DFF0-9953-4AB8-8C24-3977448BFE64"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B5B274B-F232-47E8-9E8A-0EB08F97DE40"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73E42C72-868A-4AE4-A33E-79F8190C94C7"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24E2F3C4-5D88-4C16-BAA7-A34CF7687415"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "067EB50A-E70F-4C04-ACE7-67BD7E5A4344"
          },
          {
            "criteria": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C1D4922-F424-45B1-AF98-B1DD33981110"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
