Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2017-1000101
  • Haxx » Curl » Version: 7.35.0
    cpe:2.3:a:haxx:curl:7.35.0
  • Haxx » Curl » Version: 7.36.0
    cpe:2.3:a:haxx:curl:7.36.0
  • Haxx » Curl » Version: 7.37.0
    cpe:2.3:a:haxx:curl:7.37.0
  • Haxx » Curl » Version: 7.37.1
    cpe:2.3:a:haxx:curl:7.37.1
  • Haxx » Curl » Version: 7.38.0
    cpe:2.3:a:haxx:curl:7.38.0
  • Haxx » Curl » Version: 7.39.0
    cpe:2.3:a:haxx:curl:7.39.0
  • Haxx » Curl » Version: 7.4.1
    cpe:2.3:a:haxx:curl:7.4.1
  • Haxx » Curl » Version: 7.40.0
    cpe:2.3:a:haxx:curl:7.40.0
  • Haxx » Curl » Version: 7.41.0
    cpe:2.3:a:haxx:curl:7.41.0
  • Haxx » Curl » Version: 7.42.0
    cpe:2.3:a:haxx:curl:7.42.0
  • Haxx » Curl » Version: 7.42.1
    cpe:2.3:a:haxx:curl:7.42.1
  • Haxx » Curl » Version: 7.43.0
    cpe:2.3:a:haxx:curl:7.43.0
  • Haxx » Curl » Version: 7.44.0
    cpe:2.3:a:haxx:curl:7.44.0
  • Haxx » Curl » Version: 7.45.0
    cpe:2.3:a:haxx:curl:7.45.0
  • Haxx » Curl » Version: 7.46.0
    cpe:2.3:a:haxx:curl:7.46.0
  • Haxx » Curl » Version: 7.47.0
    cpe:2.3:a:haxx:curl:7.47.0
  • Haxx » Curl » Version: 7.47.1
    cpe:2.3:a:haxx:curl:7.47.1
  • Haxx » Curl » Version: 7.48.0
    cpe:2.3:a:haxx:curl:7.48.0
  • Haxx » Curl » Version: 7.49.0
    cpe:2.3:a:haxx:curl:7.49.0
  • Haxx » Curl » Version: 7.49.1
    cpe:2.3:a:haxx:curl:7.49.1
  • Haxx » Curl » Version: 7.50.0
    cpe:2.3:a:haxx:curl:7.50.0
  • Haxx » Curl » Version: 7.50.1
    cpe:2.3:a:haxx:curl:7.50.1
  • Haxx » Curl » Version: 7.50.2
    cpe:2.3:a:haxx:curl:7.50.2
  • Haxx » Curl » Version: 7.50.3
    cpe:2.3:a:haxx:curl:7.50.3
  • Haxx » Curl » Version: 7.51.0
    cpe:2.3:a:haxx:curl:7.51.0
  • Haxx » Curl » Version: 7.52.0
    cpe:2.3:a:haxx:curl:7.52.0
  • Haxx » Curl » Version: 7.52.1
    cpe:2.3:a:haxx:curl:7.52.1
  • Haxx » Curl » Version: 7.53.0
    cpe:2.3:a:haxx:curl:7.53.0
  • Haxx » Curl » Version: 7.53.1
    cpe:2.3:a:haxx:curl:7.53.1
  • Haxx » Curl » Version: 7.54.0
    cpe:2.3:a:haxx:curl:7.54.0
  • Haxx » Curl » Version: 7.54.1
    cpe:2.3:a:haxx:curl:7.54.1
  • Haxx » Curl » Version: 7.55.0
    cpe:2.3:a:haxx:curl:7.55.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved