6.4

CVE-2015-3237

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version7.40.0
HaxxCurl Version7.41.0
HaxxCurl Version7.42.0
HaxxCurl Version7.42.1
HaxxLibcurl Version7.40.0
HaxxLibcurl Version7.41.0
HaxxLibcurl Version7.42.0
HaxxLibcurl Version7.42.1
HpSystem Management Homepage Version <= 7.5.3.1
OracleGlassfish Server Version3.0.1
OracleGlassfish Server Version3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.33% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201509-02
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html
http://curl.haxx.se/docs/adv_20150617B.html
Vendor Advisory
http://www.securityfocus.com/bid/75387
http://www.securitytracker.com/id/1036371