{"id":"CURL-CVE-2017-1000101","summary":"URL globbing out of bounds read","details":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range\nto have the tool iterate over those numbers to do a sequence of transfers.\n\nIn the globbing function that parses the numerical range, there was an\nomission that made curl read a byte beyond the end of the URL if given a\ncarefully crafted, or just wrongly written, URL. The URL is stored in a heap\nbased buffer, so it could then be made to wrongly read something else instead\nof crashing.\n\nAn example of a URL that triggers the flaw would be\n`http://ur%20[0-60000000000000000000`.","aliases":["CVE-2017-1000101"],"modified":"2024-07-02T09:22:24Z","published":"2017-08-09T08:00:00Z","database_specific":{"severity":"Medium","last_affected":"7.54.1","URL":"https://curl.se/docs/CVE-2017-1000101.json","affects":"tool","package":"curl","www":"https://curl.se/docs/CVE-2017-1000101.html","CWE":{"desc":"Buffer Over-read","id":"CWE-126"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.34.0"},{"fixed":"7.55.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"5ca96cb84410270e233c92bf1b2583cba40c3fad"},{"fixed":"453e7a7a03a2cec749abd3878a48e728c515cca7"}]}],"versions":["7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7","deprecated":false,"target":{"file":"src/tool_urlglob.c","function":"glob_range"},"digest":{"length":2893,"function_hash":"60326349713164111015205419997284250710"},"signature_type":"Function","signature_version":"v1","id":"CURL-CVE-2017-1000101-d35fff0a"},{"source":"https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7","deprecated":false,"target":{"file":"src/tool_urlglob.c"},"digest":{"threshold":0.9,"line_hashes":["123150116165892801649156348291261903198","285900347832440945719183793124713313729","338786517253160465565202185010639599373","254954250228785359441594206624569439575"]},"signature_type":"Line","signature_version":"v1","id":"CURL-CVE-2017-1000101-de4d641e"}],"source":"https://curl.se/docs/CURL-CVE-2017-1000101.json"}}],"schema_version":"1.7.3","credits":[{"name":"Brian Carpenter","type":"FINDER"},{"name":"Yongji Ouyang","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}