CVE-2015-3237
MEDIUM severity · CVSS 6.4 · Improper input validation
6.4CVSS MEDIUM
Summary
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impactNone
Availability impact—
Exploit probability (EPSS)9%
AV:N/AC:L/Au:N/C:P/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html ↗
Additional information
- NVD record
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch
- http://curl.haxx.se/docs/adv_20150617B.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/75387
- http://www.securityfocus.com/bid/91787Advisory
- http://www.securitytracker.com/id/1036371