CVE-2017-1000101
Description
curl supports globbing of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.624
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows |
| Vulnerability CVE-2017-1000101 are affected in Curl For Windows 7.55.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.35.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.36.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.38.0 | Windows |
| Vulnerabilities CVE-2013-1944,CVE-2014-8150,CVE-2017-1000101 are affected in Curl For Windows 7.4.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.50.0 | Windows |
| Vulnerabilities CVE-2016-7141,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.50.1 | Windows |
| Vulnerabilities CVE-2016-7167,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.50.2 | Windows |
| Vulnerabilities CVE-2017-1000099,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.54.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.40.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.41.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.42.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.42.1 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.43.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.44.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.45.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.46.0 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.47.0 | Windows |
| Vulnerabilities CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.47.1 | Windows |
| Vulnerabilities CVE-2016-3739,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.48.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.49.0 | Windows |
| Vulnerabilities CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.49.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.51.0 | Windows |
| Vulnerabilities CVE-2016-9594,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.52.0 | Windows |
| Vulnerabilities CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254,CVE-2017-2629 are affected in Curl For Windows 7.52.1 | Windows |
| Vulnerabilities CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.53.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.53.1 | Windows |
| Vulnerabilities CVE-2017-1000100,CVE-2017-1000101,CVE-2017-1000254,CVE-2017-9502 are affected in Curl For Windows 7.54.0 | Windows |
| Vulnerabilities CVE-2017-1000101,CVE-2017-1000254 are affected in Curl For Windows 7.55.0 | Windows |
| Vulnerabilities CVE-2017-1000101,CVE-2017-1000100,CVE-2017-1000099 are fixed in Curl For Windows 7.55.0 | Windows |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.47.0-1ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.47.0-1ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.52.1-4ubuntu1.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.52.1-4ubuntu1.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.35.0-1ubuntu2.11_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) curl_7.35.0-1ubuntu2.11_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.47.0-1ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.47.0-1ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.52.1-4ubuntu1.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.52.1-4ubuntu1.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.35.0-1ubuntu2.11_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3_7.35.0-1ubuntu2.11_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.47.0-1ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.47.0-1ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.52.1-4ubuntu1.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.52.1-4ubuntu1.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.35.0-1ubuntu2.11_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-nss_7.35.0-1ubuntu2.11_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.47.0-1ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.47.0-1ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.52.1-4ubuntu1.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.52.1-4ubuntu1.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.35.0-1ubuntu2.11_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3441-1) libcurl3-gnutls_7.35.0-1ubuntu2.11_amd64.deb | Linux |
| curl security update(DSA-3992-1) curl_7.52.1-5_i386.deb | Linux |
| curl security update(DSA-3992-1) curl_7.38.0-4+deb8u6_i386.deb | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-1000101) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234