CVE-2015-3144
CVSS 9.0 - HIGH
Description
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
Affected Products
19| Vendor | Product | Version |
|---|---|---|
| oracle | mysql_enterprise_monitor |
All versions
|
| oracle | mysql_enterprise_monitor |
All versions
|
| haxx | curl |
7.37.0
|
| haxx | curl |
7.37.1
|
| haxx | curl |
7.38.0
|
| haxx | curl |
7.39.0
|
| haxx | curl |
7.40.0
|
| haxx | curl |
7.41.0
|
| haxx | libcurl |
7.37.0
|
| haxx | libcurl |
7.37.1
|
| haxx | libcurl |
7.38.0
|
| haxx | libcurl |
7.39
|
| haxx | libcurl |
7.40.0
|
| haxx | libcurl |
7.41.0
|
| canonical | ubuntu_linux |
12.04
|
| canonical | ubuntu_linux |
14.04
|
| canonical | ubuntu_linux |
14.10
|
| canonical | ubuntu_linux |
15.04
|
| debian | debian_linux |
7.0
|
References
Weakness Types
CWE-119
CVE Information
- CVE ID:
CVE-2015-3144- Published:
- 2015-04-24
- Modified:
- 2026-05-06
- CVSS Score:
- 9.0
- Severity:
- HIGH
- Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected Vendors
canonical
oracle
debian
haxx
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL