{"id":"CURL-CVE-2015-3144","summary":"hostname out of boundary memory access","details":"There is a private function in libcurl called `fix_hostname()` that removes a\ntrailing dot from the hostname if there is one. The function is called after\nthe hostname has been extracted from the URL libcurl has been told to act on.\n\nIf a URL is given with a zero-length hostname, like in \"http://:80\" or just\n\":80\", `fix_hostname()` indexes the hostname pointer with a -1 offset (as it\nblindly assumes a non-zero length) and both reads and assigns to that address.\n\nAt best, this goes unnoticed, but it can also lead to a crash or worse. We have\nnot researched further what kind of malicious actions this could potentially\nbe used for.","aliases":["CVE-2015-3144"],"modified":"2024-06-07T13:53:51Z","published":"2015-04-22T08:00:00Z","database_specific":{"last_affected":"7.41.0","URL":"https://curl.se/docs/CVE-2015-3144.json","severity":"Medium","package":"curl","affects":"both","CWE":{"id":"CWE-124","desc":"Buffer Underwrite ('Buffer Underflow')"},"www":"https://curl.se/docs/CVE-2015-3144.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.37.0"},{"fixed":"7.42.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"5de8d84098db1bd24e7fffefbe14e81f2a05995a"},{"fixed":"0583e87ada7a3cfb10904ae4ab61b339582c5bd3"}]}],"versions":["7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2015-3144.json","vanir_signatures":[{"id":"CURL-CVE-2015-3144-285a442b","digest":{"length":1215,"function_hash":"302857014196003819835645927753951719924"},"source":"https://github.com/curl/curl.git/commit/0583e87ada7a3cfb10904ae4ab61b339582c5bd3","target":{"file":"lib/url.c","function":"fix_hostname"},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CURL-CVE-2015-3144-dd778062","digest":{"threshold":0.9,"line_hashes":["270878377318186174494843635834225150969","46407169664050383391727544247789172485","51621819899399844632954616211039468642","118193069924792380754011537934000253690"]},"source":"https://github.com/curl/curl.git/commit/0583e87ada7a3cfb10904ae4ab61b339582c5bd3","target":{"file":"lib/url.c"},"signature_type":"Line","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.3","credits":[{"name":"Hanno Böck","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}