CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.

Published: Oct 5, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-1000101
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
haxx / curl	7.35.0	7.35.0.x
haxx / curl	7.40.0	7.40.0.x
haxx / curl	7.48.0	7.48.0.x
haxx / curl	7.45.0	7.45.0.x
haxx / curl	7.44.0	7.44.0.x
haxx / curl	7.36.0	7.36.0.x
haxx / curl	7.38.0	7.38.0.x
haxx / curl	7.42.0	7.42.0.x
haxx / curl	7.42.1	7.42.1.x
haxx / curl	7.41.0	7.41.0.x
haxx / curl	7.53.1	7.53.1.x
haxx / curl	7.47.0	7.47.0.x
haxx / curl	7.43.0	7.43.0.x
haxx / curl	7.37.1	7.37.1.x
haxx / curl	7.37.0	7.37.0.x
haxx / curl	7.39.0	7.39.0.x
haxx / curl	7.4.1	7.4.1.x
haxx / curl	7.46.0	7.46.0.x
haxx / curl	7.47.1	7.47.1.x
haxx / curl	7.49.0	7.49.0.x
haxx / curl	7.49.1	7.49.1.x
haxx / curl	7.50.0	7.50.0.x
haxx / curl	7.50.1	7.50.1.x
haxx / curl	7.50.2	7.50.2.x
haxx / curl	7.50.3	7.50.3.x
haxx / curl	7.51.0	7.51.0.x
haxx / curl	7.52.0	7.52.0.x
haxx / curl	7.52.1	7.52.1.x
haxx / curl	7.53.0	7.53.0.x
haxx / curl	7.54.0	7.54.0.x
haxx / curl	7.54.1	7.54.1.x
haxx / curl	7.55.0	7.55.0.x

Vulnerability Database

289,599

CVE-2017-1000101