Total vulnerabilities in the database
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
| Software | From | Fixed in |
|---|---|---|
| fedoraproject / fedora | 22 | 22.x |
| fedoraproject / fedora | 21 | 21.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| debian / debian_linux | 7.0 | 7.0.x |
| canonical / ubuntu_linux | 14.10 | 14.10.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| haxx / curl | 7.35.0 | 7.35.0.x |
| haxx / curl | 7.32.0 | 7.32.0.x |
| haxx / curl | 7.40.0 | 7.40.0.x |
| haxx / curl | 7.33.0 | 7.33.0.x |
| haxx / curl | 7.36.0 | 7.36.0.x |
| haxx / curl | 7.38.0 | 7.38.0.x |
| haxx / curl | 7.31.0 | 7.31.0.x |
| haxx / curl | 7.41.0 | 7.41.0.x |
| haxx / curl | 7.34.0 | 7.34.0.x |
| haxx / curl | 7.37.1 | 7.37.1.x |
| haxx / curl | 7.37.0 | 7.37.0.x |
| haxx / curl | 7.39.0 | 7.39.0.x |
| apple / mac_os_x | 10.10.0 | 10.10.0.x |
| apple / mac_os_x | 10.10.4 | 10.10.4.x |
| apple / mac_os_x | 10.10.1 | 10.10.1.x |
| apple / mac_os_x | 10.10.3 | 10.10.3.x |
| apple / mac_os_x | 10.10.2 | 10.10.2.x |
| oracle / solaris | 11.3 | 11.3.x |
| haxx / libcurl | 7.37.0 | 7.37.0.x |
| haxx / libcurl | 7.40.0 | 7.40.0.x |
| haxx / libcurl | 7.30.0 | 7.30.0.x |
| haxx / libcurl | 7.33.0 | 7.33.0.x |
| haxx / libcurl | 7.36.0 | 7.36.0.x |
| haxx / libcurl | 7.34.0 | 7.34.0.x |
| haxx / libcurl | 7.31.0 | 7.31.0.x |
| haxx / libcurl | 7.35.0 | 7.35.0.x |
| haxx / libcurl | 7.41.0 | 7.41.0.x |
| haxx / libcurl | 7.38.0 | 7.38.0.x |
| haxx / libcurl | 7.32.0 | 7.32.0.x |
| haxx / libcurl | 7.37.1 | 7.37.1.x |
| haxx / libcurl | 7.39 | 7.39.x |
| hp / system_management_homepage | - | 7.5.3.1.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |