rpm package
suse/curl&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000254 | Hig | 7.5 | < 7.37.0-37.8.1 | 7.37.0-37.8.1 | Oct 6, 2017 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the | |
| CVE-2017-1000101 | Med | 6.5 | < 7.37.0-37.3.1 | 7.37.0-37.3.1 | Oct 5, 2017 | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the | |
| CVE-2017-1000100 | Med | 6.5 | < 7.37.0-37.3.1 | 7.37.0-37.3.1 | Oct 5, 2017 | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large |
- affected < 7.37.0-37.8.1fixed 7.37.0-37.8.1
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the
- affected < 7.37.0-37.3.1fixed 7.37.0-37.3.1
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the
- affected < 7.37.0-37.3.1fixed 7.37.0-37.3.1
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large
Page 2 of 2