Denial of Service Vulnerability in cURL and libcurl by Vendor
CVE-2015-3144

Currently unrated

Key Information:

Vendor

Oracle
Status
Mysql Enterprise Monitor
Vendor
CVE Published:
24 April 2015

What is CVE-2015-3144?

The fix_hostname function in cURL and libcurl versions 7.37.0 to 7.41.0 suffers from a flaw in index calculation. This issue allows remote attackers to exploit the vulnerability by sending requests with a zero-length hostname, such as 'http://:80' or ':80', leading to potential denial of service through crashes or out-of-bounds read or write operations. Users of affected versions should consider updating to safeguard against these possible exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/cpuoct2...
x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3232
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.