CVE-2017-8817

Description

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an [ character.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.61

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2017-8816, CVE-2017-8817 affect Curl For Windows 7.54.1 | Windows
Vulnerabilities CVE-2017-8818, CVE-2017-8817, CVE-2017-8816 are fixed in Curl For Windows 7.57.0 | Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 | Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo Update | Mac
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) curl_7.52.1-4ubuntu1.4_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) curl_7.52.1-4ubuntu1.4_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3_7.52.1-4ubuntu1.4_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3_7.52.1-4ubuntu1.4_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-nss_7.52.1-4ubuntu1.4_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-nss_7.52.1-4ubuntu1.4_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-gnutls_7.52.1-4ubuntu1.4_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-3498-1) libcurl3-gnutls_7.52.1-4ubuntu1.4_amd64.deb | Linux
curl security update (DSA-4051-1) curl_7.38.0-4+deb8u8_i386.deb | Linux
curl security update (DSA-4051-1) curl_7.38.0-4+deb8u8_amd64.deb | Linux
curl security update (DSA-4051-1) curl_7.52.1-5+deb9u3_i386.deb | Linux
curl security update (DSA-4051-1) curl_7.52.1-5+deb9u3_amd64.deb | Linux
Out-of-bounds Read Vulnerability (CVE-2017-8817) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
