CVE-2017-1000101

Priority
Low
Description
curl supports "globbing" of URLs, in which a user can pass a numerical
range to have the tool iterate over those numbers to do a sequence of
transfers. In the globbing function that parses the numerical range, there
was an omission that made curl read a byte beyond the end of the URL if
given a carefully crafted, or just wrongly written, URL. The URL is stored
in a heap based buffer, so it could then be made to wrongly read something
else instead of crashing. An example of a URL that triggers the flaw would
be `http://ur%20[0-60000000000000000000`.
References
Notes
 sbeattie> only affects curl command line tool, not libcurl
 sbeattie> introduced in 7.34.0
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.55.0)
Ubuntu 17.10 (Artful Aardvark):not-affected (7.55.1-1ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):released (7.35.0-1ubuntu2.11)
Ubuntu Core 15.04:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (7.47.0-1ubuntu2.3)
Ubuntu 17.04 (Zesty Zapus):released (7.52.1-4ubuntu1.2)
Patches:
Upstream:https://curl.haxx.se/CVE-2017-1000101.patch
Upstream:https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
More Information

Updated: 2017-10-10 16:14:17 UTC (commit 13484)