VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 24, 2015· Updated May 6, 2026

CVE-2015-3145

CVE-2015-3145

Description

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Affected products

41
  • Haxx/Curl12 versions
    cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
  • Haxx/Libcurl13 versions
    cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
  • HP/System Management Homepage
    cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
    Range: <=7.5.3.1
  • Apple Inc./Mac Os X5 versions
    cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux4 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • Fedoraproject/Fedora2 versions
    cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Oracle Corporation/Solaris
    cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

20

News mentions

0

No linked articles in our index yet.