{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-08-22T00:00:00.000Z", "datePublic": "2017-10-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-13T10:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208221"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/adv_20170809A.html"}, {"name": "1039117", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039117"}, {"name": "100249", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100249"}, {"name": "DSA-3992", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3992"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.316423", "ID": "CVE-2017-1000101", "REQUESTER": "daniel@haxx.se", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT208221", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208221"}, {"name": "RHSA-2018:3558", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-14"}, {"name": "https://curl.haxx.se/docs/adv_20170809A.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/adv_20170809A.html"}, {"name": "1039117", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039117"}, {"name": "100249", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100249"}, {"name": "DSA-3992", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3992"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.565Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208221"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://curl.haxx.se/docs/adv_20170809A.html"}, {"name": "1039117", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039117"}, {"name": "100249", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100249"}, {"name": "DSA-3992", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3992"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:45:32.714678Z", "id": "CVE-2017-1000101", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:45:37.458Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000101", "datePublished": "2017-10-04T01:00:00.000Z", "dateReserved": "2017-10-03T00:00:00.000Z", "dateUpdated": "2026-04-16T13:45:37.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/HT208221", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:3558", "name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201709-14", "name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://curl.haxx.se/docs/adv_20170809A.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1039117", "name": "1039117", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/100249", "name": "100249", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.debian.org/security/2017/dsa-3992", "name": "DSA-3992", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.565Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-1000101", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:45:32.714678Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:45:11.717Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-03T00:00:00.000Z", "references": [{"url": "https://support.apple.com/HT208221", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:3558", "name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/201709-14", "name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://curl.haxx.se/docs/adv_20170809A.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securitytracker.com/id/1039117", "name": "1039117", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.securityfocus.com/bid/100249", "name": "100249", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.debian.org/security/2017/dsa-3992", "name": "DSA-3992", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}], "dateAssigned": "2017-08-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2018-11-13T10:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/HT208221", "name": "https://support.apple.com/HT208221", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3558", "name": "RHSA-2018:3558", "refsource": "REDHAT"}, {"url": "https://security.gentoo.org/glsa/201709-14", "name": "GLSA-201709-14", "refsource": "GENTOO"}, {"url": "https://curl.haxx.se/docs/adv_20170809A.html", "name": "https://curl.haxx.se/docs/adv_20170809A.html", "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1039117", "name": "1039117", "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/100249", "name": "100249", "refsource": "BID"}, {"url": "http://www.debian.org/security/2017/dsa-3992", "name": "DSA-3992", "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-1000101", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org", "REQUESTER": "daniel@haxx.se", "DATE_ASSIGNED": "2017-08-22T17:29:33.316423"}}}}, "cveMetadata": {"cveId": "CVE-2017-1000101", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:45:37.458Z", "dateReserved": "2017-10-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2017-10-04T01:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC7E5201-24A0-4CEF-84D2-76DB195D3A8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D558CC2-0146-4887-834E-19FCB1D512A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "6931764D-16AB-4546-9CE3-5B4E03BC984A", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DEBBFCA-6A18-4F8F-B841-50255C952FA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEEAE437-A645-468B-B283-44799658F534", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "03F7EE95-4EBE-4306-ADFE-A1A92CAD5F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*", "matchCriteriaId": "79F7AE71-7A18-4737-9C02-0A3343B3AD4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC589DE6-773A-43E8-9393-3083DB545671", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*", "matchCriteriaId": "24D735EA-04E3-47E7-A859-3CC1ED887E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "063C1A70-0869-4933-88D7-ECE7ACCF0F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B0A020-3DA1-4753-B810-C60E7CA06839", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "63A18050-0DA7-400A-B564-AC9A020D57CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D168A62-A5B0-4BA8-8243-1AAF3B395567", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "11D8B02D-5A97-4F9A-8EE8-D60D621E0B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7DC2429-0B58-4D68-9337-0077C4493714", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4D5B7BD-2B9D-40AB-B13A-393FF0007A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2AFED4D-0672-467F-999C-9D6C3722B8C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BDCCD2D-3D98-4FC3-BAB5-3D09A0CAD12C", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*", "matchCriteriaId": "8DA228CD-70CF-41FC-98F6-38194466CC32", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFDE2415-78F8-4A36-AA9B-6EA8DCE399AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCA05266-35B6-422D-AE73-4C934B4F5091", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2AB70F1-D6A9-4ADF-A506-4C9DEE8AE754", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C2FDF0C-6493-4BE1-851E-0D8CE94E36B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EA9D7F9-A972-41A8-9561-DB72E37184F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*", "matchCriteriaId": "641ACFC8-BDE2-42AC-8B3D-EF78695AD750", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*", "matchCriteriaId": "8629C630-14E0-4C94-BBD1-B5203488A6FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*", "matchCriteriaId": "31C6D873-9770-4FD0-AC75-4D6C06FC4A8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*", "matchCriteriaId": "CADB89B4-7218-4E2B-BB94-8CCEB79FB3F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}, {"lang": "es", "value": "curl es compatible con el \"globbing\" de URL, donde un usuario puede pasar un rango num\u00e9rico para hacer que la herramienta itere sobre esos n\u00fameros para realizar una secuencia de transferencias. En la funci\u00f3n de \"globbing\" que analiza sint\u00e1cticamente el rango num\u00e9rico, hay una omisi\u00f3n que hace que curl lea un byte m\u00e1s all\u00e1 del fin de la URL si se proporciona una URL manipulada o simplemente mal escrita. La URL se almacena en un b\u00fafer basado en memoria din\u00e1mica (heap) para que se pueda hacer luego de tal manera que lea err\u00f3neamente otra cosa en vez de cerrarse inesperadamente. A continuaci\u00f3n se muestra un ejemplo de una URL que desencadena este fallo: \"http://ur%20[0-60000000000000000000\"."}], "id": "CVE-2017-1000101", "lastModified": "2026-04-16T14:16:10.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-10-05T01:29:04.103", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3992"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100249"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039117"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://curl.haxx.se/docs/adv_20170809A.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://curl.haxx.se/docs/adv_20170809A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT208221"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.", "affected_release": [{"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-curl-0:7.61.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}], "bugzilla": {"description": "curl: URL globbing out of bounds read", "id": "1478309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478309"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."], "name": "CVE-2017-1000101", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:1.0", "fix_state": "Out of support scope", "package_name": "rh-dotnetcore10-curl", "product_name": ".NET Core 1.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:1.1", "fix_state": "Out of support scope", "package_name": "rh-dotnetcore11-curl", "product_name": ".NET Core 1.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.0", "fix_state": "Out of support scope", "package_name": "rh-dotnet20-curl", "product_name": ".NET Core 2.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Will not fix", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Not affected", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Affected", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2017-08-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000101\nhttps://curl.haxx.se/docs/adv_20170809A.html"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}