CVE-2017-1000101
Description
curl supports “globbing” of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000 .
General Information
Products
- curl 7.35.0
- curl 7.36.0
- curl 7.37.0
- curl 7.37.1
- curl 7.38.0
- curl 7.39.0
- curl 7.4.1
- curl 7.40.0
- curl 7.41.0
- curl 7.42.0
- curl 7.42.1
- curl 7.43.0
- curl 7.44.0
- curl 7.45.0
- curl 7.46.0
- curl 7.47.0
- curl 7.47.1
- curl 7.48.0
- curl 7.49.0
- curl 7.49.1
- curl 7.50.0
- curl 7.50.1
- curl 7.50.2
- curl 7.50.3
- curl 7.51.0
- curl 7.52.0
- curl 7.52.1
- curl 7.53.0
- curl 7.53.1
- curl 7.54.0
- curl 7.54.1
- curl 7.55.0