Vulnerability Details: CVE-2017-8818
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2017-8818
- cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8818
- 0.65%: Probability of exploitation activity in the next 30 days
- ~ 77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-8818
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8818
- https://security.gentoo.org/glsa/201712-04
  cURL: Multiple vulnerabilities (GLSA 201712-04) — Gentoo security (Third Party Advisory)
- https://curl.haxx.se/docs/adv_2017-af0a.html
  curl - SSL out of buffer access - CVE-2017-8818 (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/102014
  cURL/libcURL CVE-2017-8818 Out of Bounds Read Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1039898
  libcurl SSL Memory Allocation Error Lets Remote Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)
- http://security.cucumberlinux.com/security/details.php?id=163
  CLD-163 Details (Third Party Advisory)