Vulnerability Details CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.071
EPSS Ranking 91.0%
CVSS Severity
CVSS v2 Score 6.4
References
- http://curl.haxx.se/docs/adv_20150617B.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/75387
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1036371
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://security.gentoo.org/glsa/201509-02
- http://curl.haxx.se/docs/adv_20150617B.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/75387
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1036371
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://security.gentoo.org/glsa/201509-02
Products affected by CVE-2015-3237
-
cpe:2.3:a:haxx:curl:7.40.0
-
cpe:2.3:a:haxx:curl:7.41.0
-
cpe:2.3:a:haxx:curl:7.42.0
-
cpe:2.3:a:haxx:curl:7.42.1
-
cpe:2.3:a:haxx:libcurl:7.40.0
-
cpe:2.3:a:haxx:libcurl:7.41.0
-
cpe:2.3:a:haxx:libcurl:7.42.0
-
cpe:2.3:a:haxx:libcurl:7.42.1
-
cpe:2.3:a:hp:system_management_homepage:-
-
cpe:2.3:a:hp:system_management_homepage:2.0.0
-
cpe:2.3:a:hp:system_management_homepage:2.0.1
-
cpe:2.3:a:hp:system_management_homepage:2.0.1.104
-
cpe:2.3:a:hp:system_management_homepage:2.0.2
-
cpe:2.3:a:hp:system_management_homepage:2.0.2.106
-
cpe:2.3:a:hp:system_management_homepage:2.1
-
cpe:2.3:a:hp:system_management_homepage:2.1.0-103
-
cpe:2.3:a:hp:system_management_homepage:2.1.0-103(a)
-
cpe:2.3:a:hp:system_management_homepage:2.1.0-109
-
cpe:2.3:a:hp:system_management_homepage:2.1.0-118
-
cpe:2.3:a:hp:system_management_homepage:2.1.0.121
-
cpe:2.3:a:hp:system_management_homepage:2.1.1
-
cpe:2.3:a:hp:system_management_homepage:2.1.10
-
cpe:2.3:a:hp:system_management_homepage:2.1.10-186
-
cpe:2.3:a:hp:system_management_homepage:2.1.10.186
-
cpe:2.3:a:hp:system_management_homepage:2.1.11
-
cpe:2.3:a:hp:system_management_homepage:2.1.11-197
-
cpe:2.3:a:hp:system_management_homepage:2.1.11.197
-
cpe:2.3:a:hp:system_management_homepage:2.1.12-118
-
cpe:2.3:a:hp:system_management_homepage:2.1.12-200
-
cpe:2.3:a:hp:system_management_homepage:2.1.12.201
-
cpe:2.3:a:hp:system_management_homepage:2.1.14
-
cpe:2.3:a:hp:system_management_homepage:2.1.14.20
-
cpe:2.3:a:hp:system_management_homepage:2.1.15
-
cpe:2.3:a:hp:system_management_homepage:2.1.15-210
-
cpe:2.3:a:hp:system_management_homepage:2.1.15.210
-
cpe:2.3:a:hp:system_management_homepage:2.1.2
-
cpe:2.3:a:hp:system_management_homepage:2.1.2-127
-
cpe:2.3:a:hp:system_management_homepage:2.1.2.127
-
cpe:2.3:a:hp:system_management_homepage:2.1.3
-
cpe:2.3:a:hp:system_management_homepage:2.1.3.132
-
cpe:2.3:a:hp:system_management_homepage:2.1.4
-
cpe:2.3:a:hp:system_management_homepage:2.1.4-143
-
cpe:2.3:a:hp:system_management_homepage:2.1.4.143
-
cpe:2.3:a:hp:system_management_homepage:2.1.5
-
cpe:2.3:a:hp:system_management_homepage:2.1.5-146
-
cpe:2.3:a:hp:system_management_homepage:2.1.5.146
-
cpe:2.3:a:hp:system_management_homepage:2.1.6
-
cpe:2.3:a:hp:system_management_homepage:2.1.6-156
-
cpe:2.3:a:hp:system_management_homepage:2.1.6.156
-
cpe:2.3:a:hp:system_management_homepage:2.1.7
-
cpe:2.3:a:hp:system_management_homepage:2.1.7-168
-
cpe:2.3:a:hp:system_management_homepage:2.1.7.168
-
cpe:2.3:a:hp:system_management_homepage:2.1.8
-
cpe:2.3:a:hp:system_management_homepage:2.1.8-177
-
cpe:2.3:a:hp:system_management_homepage:2.1.8.179
-
cpe:2.3:a:hp:system_management_homepage:2.1.9
-
cpe:2.3:a:hp:system_management_homepage:2.1.9-178
-
cpe:2.3:a:hp:system_management_homepage:2.2.6
-
cpe:2.3:a:hp:system_management_homepage:2.2.8
-
cpe:2.3:a:hp:system_management_homepage:3.0.0
-
cpe:2.3:a:hp:system_management_homepage:3.0.0-68
-
cpe:2.3:a:hp:system_management_homepage:3.0.0.64
-
cpe:2.3:a:hp:system_management_homepage:3.0.1
-
cpe:2.3:a:hp:system_management_homepage:3.0.1-73
-
cpe:2.3:a:hp:system_management_homepage:3.0.1.73
-
cpe:2.3:a:hp:system_management_homepage:3.0.2
-
cpe:2.3:a:hp:system_management_homepage:3.0.2-77
-
cpe:2.3:a:hp:system_management_homepage:3.0.2.77
-
cpe:2.3:a:hp:system_management_homepage:3.2.2
-
cpe:2.3:a:hp:system_management_homepage:3.2.7
-
cpe:2.3:a:hp:system_management_homepage:6.0
-
cpe:2.3:a:hp:system_management_homepage:6.0.0-95
-
cpe:2.3:a:hp:system_management_homepage:6.0.0.96
-
cpe:2.3:a:hp:system_management_homepage:6.1
-
cpe:2.3:a:hp:system_management_homepage:6.1.0-103
-
cpe:2.3:a:hp:system_management_homepage:6.1.0.102
-
cpe:2.3:a:hp:system_management_homepage:6.2.0
-
cpe:2.3:a:hp:system_management_homepage:6.2.2.7
-
cpe:2.3:a:hp:system_management_homepage:6.3.0
-
cpe:2.3:a:hp:system_management_homepage:6.3.1
-
cpe:2.3:a:hp:system_management_homepage:7.0
-
cpe:2.3:a:hp:system_management_homepage:7.1
-
cpe:2.3:a:hp:system_management_homepage:7.2
-
cpe:2.3:a:hp:system_management_homepage:7.2.1
-
cpe:2.3:a:hp:system_management_homepage:7.4.0
-
cpe:2.3:a:hp:system_management_homepage:7.5.3.1
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2
-
cpe:2.3:a:oracle:glassfish_server:3.0.1
-
cpe:2.3:a:oracle:glassfish_server:3.1.2