Unrated severityNVD Advisory· Published Apr 24, 2015· Updated Jun 17, 2026
CVE-2015-3144
CVE-2015-3144
Description
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
- (no CPE)range: 7.37.0 through 7.41.0
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*Range: <=2.3.20
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- osv-coords5 versionspkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 7.51.0-1.1+ 4 more
- (no CPE)range: < 7.51.0-1.1
- (no CPE)range: < 7.37.0-15.1
- (no CPE)range: < 7.37.0-15.1
- (no CPE)range: < 7.37.0-15.1
- (no CPE)range: < 7.37.0-15.1
Patches
Vulnerability mechanics
References
17- curl.haxx.se/docs/adv_20150422D.htmlnvdVendor Advisory
- kb.juniper.net/InfoCenter/indexnvd
- lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-04/msg00057.htmlnvd
- www.debian.org/security/2015/dsa-3232nvd
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
- www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlnvd
- www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlnvd
- www.securityfocus.com/bid/74300nvd
- www.securitytracker.com/id/1032232nvd
- www.ubuntu.com/usn/USN-2591-1nvd
- security.gentoo.org/glsa/201509-02nvd
- support.apple.com/kb/HT205031nvd
News mentions
0No linked articles in our index yet.