{"id":"USN-3498-1","summary":"curl vulnerabilities","details":"Alex Nichols discovered that curl incorrectly handled NTLM authentication\ncredentials. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.\n(CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching. A\nremote attacker could use this issue to cause curl to crash, resulting in a\ndenial of service, or possibly obtain sensitive information.\n(CVE-2017-8817)\n","modified":"2026-02-10T04:41:15Z","published":"2017-11-29T13:19:11Z","related":["UBUNTU-CVE-2017-8816","UBUNTU-CVE-2017-8817"],"upstream":["CVE-2017-8816","CVE-2017-8817","UBUNTU-CVE-2017-8816","UBUNTU-CVE-2017-8817"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3498-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-8816"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-8817"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.13?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.35.0-1ubuntu2.13"}]}],"versions":["7.32.0-1ubuntu1","7.33.0-1ubuntu1","7.34.0-1ubuntu1","7.35.0-1ubuntu1","7.35.0-1ubuntu2","7.35.0-1ubuntu2.1","7.35.0-1ubuntu2.2","7.35.0-1ubuntu2.3","7.35.0-1ubuntu2.5","7.35.0-1ubuntu2.6","7.35.0-1ubuntu2.7","7.35.0-1ubuntu2.8","7.35.0-1ubuntu2.9","7.35.0-1ubuntu2.10","7.35.0-1ubuntu2.11","7.35.0-1ubuntu2.12"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"curl"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl3"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl3-gnutls"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl3-nss"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl4-gnutls-dev"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl4-nss-dev"},{"binary_version":"7.35.0-1ubuntu2.13","binary_name":"libcurl4-openssl-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3498-1.json","cves_map":{"cves":[{"id":"CVE-2017-8817","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"curl","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.5?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.47.0-1ubuntu2.5"}]}],"versions":["7.43.0-1ubuntu2","7.45.0-1ubuntu1","7.46.0-1ubuntu1","7.47.0-1ubuntu1","7.47.0-1ubuntu2","7.47.0-1ubuntu2.1","7.47.0-1ubuntu2.2","7.47.0-1ubuntu2.3","7.47.0-1ubuntu2.4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"curl"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl3"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl3-gnutls"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl3-nss"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl4-gnutls-dev"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl4-nss-dev"},{"binary_version":"7.47.0-1ubuntu2.5","binary_name":"libcurl4-openssl-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3498-1.json","cves_map":{"cves":[{"id":"CVE-2017-8816","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-8817","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}