QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3145

Published: Apr 24, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

FEDORA-2015-6853

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

http://curl.haxx.se/docs/adv_20150422C.html

x_refsource_CONFIRM

FEDORA-2015-6712

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_SECTRACK

APPLE-SA-2015-08-13-2

vendor-advisory

x_refsource_APPLE

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

x_refsource_CONFIRM

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

x_refsource_CONFIRM

openSUSE-SU-2015:0799

vendor-advisory

x_refsource_SUSE

http://advisories.mageia.org/MGASA-2015-0179.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

x_refsource_CONFIRM

https://support.apple.com/kb/HT205031

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

FEDORA-2015-6728

vendor-advisory

x_refsource_FEDORA

FEDORA-2015-6695

vendor-advisory

x_refsource_FEDORA

FEDORA-2015-6864

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.