Vulnerability Details CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://security.cucumberlinux.com/security/details.php?id=162
- http://www.securityfocus.com/bid/102057
- http://www.securitytracker.com/id/1039897
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-ae72.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
- http://security.cucumberlinux.com/security/details.php?id=162
- http://www.securityfocus.com/bid/102057
- http://www.securitytracker.com/id/1039897
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_2017-ae72.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html
- https://security.gentoo.org/glsa/201712-04
- https://www.debian.org/security/2017/dsa-4051
Products affected by CVE-2017-8817
-
cpe:2.3:a:haxx:curl:7.21.0
-
cpe:2.3:a:haxx:curl:7.21.1
-
cpe:2.3:a:haxx:curl:7.21.2
-
cpe:2.3:a:haxx:curl:7.21.3
-
cpe:2.3:a:haxx:curl:7.21.4
-
cpe:2.3:a:haxx:curl:7.21.5
-
cpe:2.3:a:haxx:curl:7.21.6
-
cpe:2.3:a:haxx:curl:7.21.7
-
cpe:2.3:a:haxx:curl:7.22.0
-
cpe:2.3:a:haxx:curl:7.23.0
-
cpe:2.3:a:haxx:curl:7.23.1
-
cpe:2.3:a:haxx:curl:7.24.0
-
cpe:2.3:a:haxx:curl:7.25.0
-
cpe:2.3:a:haxx:curl:7.26.0
-
cpe:2.3:a:haxx:curl:7.27.0
-
cpe:2.3:a:haxx:curl:7.28.0
-
cpe:2.3:a:haxx:curl:7.28.1
-
cpe:2.3:a:haxx:curl:7.29.0
-
cpe:2.3:a:haxx:curl:7.30.0
-
cpe:2.3:a:haxx:curl:7.31.0
-
cpe:2.3:a:haxx:curl:7.32.0
-
cpe:2.3:a:haxx:curl:7.33.0
-
cpe:2.3:a:haxx:curl:7.34.0
-
cpe:2.3:a:haxx:curl:7.35.0
-
cpe:2.3:a:haxx:curl:7.36.0
-
cpe:2.3:a:haxx:curl:7.37.0
-
cpe:2.3:a:haxx:curl:7.37.1
-
cpe:2.3:a:haxx:curl:7.38.0
-
cpe:2.3:a:haxx:curl:7.39.0
-
cpe:2.3:a:haxx:curl:7.40.0
-
cpe:2.3:a:haxx:curl:7.41.0
-
cpe:2.3:a:haxx:curl:7.42.0
-
cpe:2.3:a:haxx:curl:7.42.1
-
cpe:2.3:a:haxx:curl:7.43.0
-
cpe:2.3:a:haxx:curl:7.44.0
-
cpe:2.3:a:haxx:curl:7.45.0
-
cpe:2.3:a:haxx:curl:7.46.0
-
cpe:2.3:a:haxx:curl:7.47.0
-
cpe:2.3:a:haxx:curl:7.47.1
-
cpe:2.3:a:haxx:curl:7.48.0
-
cpe:2.3:a:haxx:curl:7.49.0
-
cpe:2.3:a:haxx:curl:7.49.1
-
cpe:2.3:a:haxx:curl:7.50.0
-
cpe:2.3:a:haxx:curl:7.50.1
-
cpe:2.3:a:haxx:curl:7.50.2
-
cpe:2.3:a:haxx:curl:7.50.3
-
cpe:2.3:a:haxx:curl:7.51.0
-
cpe:2.3:a:haxx:curl:7.52.0
-
cpe:2.3:a:haxx:curl:7.52.1
-
cpe:2.3:a:haxx:curl:7.53.0
-
cpe:2.3:a:haxx:curl:7.53.1
-
cpe:2.3:a:haxx:curl:7.54.0
-
cpe:2.3:a:haxx:curl:7.54.1
-
cpe:2.3:a:haxx:curl:7.55.0
-
cpe:2.3:a:haxx:curl:7.55.1
-
cpe:2.3:a:haxx:curl:7.56.0
-
cpe:2.3:a:haxx:curl:7.56.1
-
cpe:2.3:a:haxx:libcurl:7.21.1
-
cpe:2.3:a:haxx:libcurl:7.21.2
-
cpe:2.3:a:haxx:libcurl:7.21.3
-
cpe:2.3:a:haxx:libcurl:7.21.4
-
cpe:2.3:a:haxx:libcurl:7.21.5
-
cpe:2.3:a:haxx:libcurl:7.21.6
-
cpe:2.3:a:haxx:libcurl:7.21.7
-
cpe:2.3:a:haxx:libcurl:7.22.0
-
cpe:2.3:a:haxx:libcurl:7.23.0
-
cpe:2.3:a:haxx:libcurl:7.23.1
-
cpe:2.3:a:haxx:libcurl:7.24.0
-
cpe:2.3:a:haxx:libcurl:7.25.0
-
cpe:2.3:a:haxx:libcurl:7.26.0
-
cpe:2.3:a:haxx:libcurl:7.27.0
-
cpe:2.3:a:haxx:libcurl:7.28.0
-
cpe:2.3:a:haxx:libcurl:7.28.1
-
cpe:2.3:a:haxx:libcurl:7.29.0
-
cpe:2.3:a:haxx:libcurl:7.30.0
-
cpe:2.3:a:haxx:libcurl:7.31.0
-
cpe:2.3:a:haxx:libcurl:7.32.0
-
cpe:2.3:a:haxx:libcurl:7.33.0
-
cpe:2.3:a:haxx:libcurl:7.34.0
-
cpe:2.3:a:haxx:libcurl:7.35.0
-
cpe:2.3:a:haxx:libcurl:7.36.0
-
cpe:2.3:a:haxx:libcurl:7.37.0
-
cpe:2.3:a:haxx:libcurl:7.37.1
-
cpe:2.3:a:haxx:libcurl:7.38.0
-
cpe:2.3:a:haxx:libcurl:7.39
-
cpe:2.3:a:haxx:libcurl:7.39.0
-
cpe:2.3:a:haxx:libcurl:7.40.0
-
cpe:2.3:a:haxx:libcurl:7.41.0
-
cpe:2.3:a:haxx:libcurl:7.42
-
cpe:2.3:a:haxx:libcurl:7.42.0
-
cpe:2.3:a:haxx:libcurl:7.42.1
-
cpe:2.3:a:haxx:libcurl:7.43.0
-
cpe:2.3:a:haxx:libcurl:7.44.0
-
cpe:2.3:a:haxx:libcurl:7.45.0
-
cpe:2.3:a:haxx:libcurl:7.46.0
-
cpe:2.3:a:haxx:libcurl:7.47.0
-
cpe:2.3:a:haxx:libcurl:7.47.1
-
cpe:2.3:a:haxx:libcurl:7.48.0
-
cpe:2.3:a:haxx:libcurl:7.49.0
-
cpe:2.3:a:haxx:libcurl:7.49.1
-
cpe:2.3:a:haxx:libcurl:7.50.0
-
cpe:2.3:a:haxx:libcurl:7.50.1
-
cpe:2.3:a:haxx:libcurl:7.50.2
-
cpe:2.3:a:haxx:libcurl:7.50.3
-
cpe:2.3:a:haxx:libcurl:7.51.0
-
cpe:2.3:a:haxx:libcurl:7.52.0
-
cpe:2.3:a:haxx:libcurl:7.52.1
-
cpe:2.3:a:haxx:libcurl:7.53.0
-
cpe:2.3:a:haxx:libcurl:7.53.1
-
cpe:2.3:a:haxx:libcurl:7.54.0
-
cpe:2.3:a:haxx:libcurl:7.54.1
-
cpe:2.3:a:haxx:libcurl:7.55.0
-
cpe:2.3:a:haxx:libcurl:7.55.1
-
cpe:2.3:a:haxx:libcurl:7.56.0
-
cpe:2.3:a:haxx:libcurl:7.56.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0