CVE-2017-1000101

Published: Oct 4, 2017

Modified: Apr 16, 2026

PUBLISHED

Description

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

Affected products

Vendor: n/a
Product: n/a
Versions: n/a (status: affected)

References

RHSA-2018:3558 (vendor-advisory, x_refsource_REDHAT)
GLSA-201709-14 (vendor-advisory, x_refsource_GENTOO)
1039117 (vdb-entry, x_refsource_SECTRACK)
100249 (vdb-entry, x_refsource_BID)
DSA-3992 (vendor-advisory, x_refsource_DEBIAN)
