CVE-2017-9502 Information
Description
In curl before 7.54.1 on Windows and DOS libcurl’s default protocol function which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes the given \URL\ starts with a drive letter and libcurl is built for Windows or DOS then libcurl would copy the path 7 bytes off so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string \file://).
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Reference
http://openwall.com/lists/oss-security/2017/06/14/1
http://www.securityfocus.com/bid/99120
http://www.securitytracker.com/id/1038697
https://curl.haxx.se/docs/adv_20170614.html
https://curl.haxx.se/docs/adv_20170614.html
In
curl
before
7.54.1
on
Windows
and
DOS
libcurl’s
default
protocol
function
which
is
the
logic
that
allows
an
application
to
set
which
protocol
libcurl
should
attempt
to
use
when
given
a
URL
without
a
scheme
part
had
a
flaw
that
could
lead
to
it
overwriting
a
heap
based
memory
buffer
with
seven
bytes.
If
the
default
protocol
is
specified
to
be
FILE
or
a
file:
URL
lacks
two
slashes
the
given
\URL
starts
with
a
drive
letter
and
libcurl
is
built
for
Windows
or
DOS
then
libcurl
would
copy
the
path
7
bytes
off
so
that
the
end
of
the
given
path
would
write
beyond
the
malloc
buffer
(7
bytes
being
the
length
in
bytes
of
the
ascii
string
\file://).
cpe:2.3:a:haxx:curl::::::::
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
5.3
Share on: