| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in cURL up to 7.54.1 and classified as problematic. This vulnerability affects unknown code of the component URL Globbing. Such manipulation with the input http://ur%20[0-60000000000000000000 leads to memory corruption.
This vulnerability is traded as CVE-2017-1000101. An attack has to be approached locally. Furthermore, there is an exploit available.
It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, has been found in cURL up to 7.54.1 (Network Utility Software). Affected by this issue is an unknown code of the component URL Globbing. The manipulation with the input value http://ur%20[0-60000000000000000000 leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality.
The bug was discovered 06/14/2017. The weakness was shared 08/09/2017 by Brian Carpenter as adv_20170809A as confirmed advisory (Website). The advisory is shared for download at curl.haxx.se. This vulnerability is handled as CVE-2017-1000101 since 10/03/2017. The attack needs to be approached locally. A simple authentication is needed for exploitation. Technical details as well as a public exploit are known. The following code is the reason for this vulnerability:
if(errno || (*endp == ':')) {A public exploit has been developed in URL and been published immediately after the advisory. The exploit is available at curl.haxx.se. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 56 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 102877 (Amazon Linux AMI : curl (ALAS-2017-889)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Amazon Linux Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276813 (Fedora Security Update for curl (FEDORA-2017-f2df9d7772)).
Upgrading to version 7.55.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at curl.haxx.se. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability will be addressed with the following lines of code:
if(errno)
/* overflow */
endp = NULL;
else if(*endp == ':') {The vulnerability is also documented in the databases at Tenable (102877), SecurityFocus (BID 100249†) and SecurityTracker (ID 1039117†). The entries VDB-105282, VDB-105283 and VDB-108948 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.9VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.3
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 102877
Nessus Name: Amazon Linux AMI : curl (ALAS-2017-889)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 53378
OpenVAS Name: Debian Security Advisory DSA 3992-1 (curl - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: cURL 7.55.0
Patch: curl.haxx.se
Timeline
06/14/2017 🔍08/09/2017 🔍
08/09/2017 🔍
08/09/2017 🔍
08/09/2017 🔍
08/10/2017 🔍
08/13/2017 🔍
09/01/2017 🔍
10/03/2017 🔍
10/04/2017 🔍
01/09/2021 🔍
Sources
Advisory: adv_20170809AResearcher: Brian Carpenter
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-1000101 (🔍)
GCVE (CVE): GCVE-0-2017-1000101
GCVE (VulDB): GCVE-100-105284
OVAL: 🔍
SecurityFocus: 100249 - cURL CVE-2017-1000101 Out of Bounds Read Information Disclosure Vulnerability
SecurityTracker: 1039117
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 08/13/2017 19:30Updated: 01/09/2021 11:51
Changes: 08/13/2017 19:30 (91), 11/06/2019 18:05 (5), 01/09/2021 11:51 (3)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.