CVE-2015-3144

Currently unrated

Key Information:

Vendor: Oracle
Status: Mysql Enterprise Monitor
Vendor: CVE Published:; 24 April 2015

Summary

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.oracle.com/technetwork/topics/security/cpuoct2...

x_refsource_CONFIRM

http://www.debian.org/security/2015/dsa-3232

vendor-advisoryx_refsource_DEBIAN

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 24, 2015
Vulnerability Reserved
Apr 10, 2015