CVE-2017-8818 Information

Feb 14, 2021 cve

Description

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://security.cucumberlinux.com/security/details.php?id=163 http://www.securityfocus.com/bid/102014 http://www.securitytracker.com/id/1039898 https://curl.haxx.se/docs/adv_2017-af0a.html https://curl.haxx.se/docs/adv_2017-af0a.html https://security.gentoo.org/glsa/201712-04 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. cpe:2.3:a:haxx:curl:7.56.0:::::::* cpe:2.3:a:haxx:curl:7.56.1:::::::* cpe:2.3:a:haxx:libcurl:7.56.0:::::::* cpe:2.3:a:haxx:libcurl:7.56.1:::::::*

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: