Haxx : Security Vulnerabilities, CVEs, Published In 2015 (Denial of service)
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Max CVSS
6.4
EPSS Score
1.12%
Published
2015-06-22
Updated
2018-10-17
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Max CVSS
7.5
EPSS Score
88.13%
Published
2015-04-24
Updated
2018-10-30
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
Max CVSS
9.0
EPSS Score
6.51%
Published
2015-04-24
Updated
2018-10-17
3 vulnerabilities found