Package Instance

reference_id

AVG-370

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-386

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-387

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-388

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-389

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

dsa-3992

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/

url

reference_url

reference_id

GLSA-201709-14

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/

url

reference_url

reference_id

HT208221

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json

reference_url	https://usn.ubuntu.com/3441-1/
reference_id	USN-3441-1
reference_type
scores
url	https://usn.ubuntu.com/3441-1/

reference_url	https://usn.ubuntu.com/3441-2/
reference_id	USN-3441-2
reference_type
scores
url	https://usn.ubuntu.com/3441-2/

fixed_packages

url	pkg:apk/alpine/curl@7.55.0-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/curl@7.55.0-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.55.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=main

aliases CVE-2017-1000100

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5svr-3vv9-mqea

url VCID-mh96-gkf1-9uek

vulnerability_id VCID-mh96-gkf1-9uek

summary curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

references

reference_url

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000101

reference_id

reference_type

scores

value	0.00655
scoring_system	epss
scoring_elements	0.7133
published_at	2026-06-04T12:55:00Z

value	0.00655
scoring_system	epss
scoring_elements	0.71375
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000101

reference_url

https://curl.se/docs/CVE-2017-1000101.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2017-1000101.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.securityfocus.com/bid/100249

reference_id

100249

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

http://www.securityfocus.com/bid/100249

reference_url

http://www.securitytracker.com/id/1039117

reference_id

1039117

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

http://www.securitytracker.com/id/1039117

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1478309
reference_id	1478309
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1478309

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554
reference_id	871554
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554

reference_url

https://curl.haxx.se/docs/adv_20170809A.html

reference_id

adv_20170809A.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

https://curl.haxx.se/docs/adv_20170809A.html

reference_url	https://security.archlinux.org/ASA-201708-16
reference_id	ASA-201708-16
reference_type
scores
url	https://security.archlinux.org/ASA-201708-16

reference_url

reference_id

AVG-370

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

dsa-3992

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

reference_url

reference_id

GLSA-201709-14

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

reference_url

reference_id

HT208221

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json

reference_url	https://usn.ubuntu.com/3441-1/
reference_id	USN-3441-1
reference_type
scores
url	https://usn.ubuntu.com/3441-1/

fixed_packages

url	pkg:apk/alpine/curl@7.55.0-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/curl@7.55.0-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.55.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=main

aliases CVE-2017-1000101

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh96-gkf1-9uek

url VCID-u3au-c4x8-m7hc

vulnerability_id VCID-u3au-c4x8-m7hc

summary When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.

references

reference_url

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000099

reference_id

reference_type

scores

value	0.00623
scoring_system	epss
scoring_elements	0.70512
published_at	2026-06-04T12:55:00Z

value	0.00623
scoring_system	epss
scoring_elements	0.70554
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000099

reference_url

https://curl.se/docs/CVE-2017-1000099.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2017-1000099.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1478316
reference_id	1478316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1478316

reference_url	https://security.archlinux.org/ASA-201708-16
reference_id	ASA-201708-16
reference_type
scores
url	https://security.archlinux.org/ASA-201708-16

reference_url	https://security.archlinux.org/ASA-201710-3
reference_id	ASA-201710-3
reference_type
scores
url	https://security.archlinux.org/ASA-201710-3

reference_url	https://security.archlinux.org/ASA-201710-4
reference_id	ASA-201710-4
reference_type
scores
url	https://security.archlinux.org/ASA-201710-4

reference_url	https://security.archlinux.org/ASA-201710-5
reference_id	ASA-201710-5
reference_type
scores
url	https://security.archlinux.org/ASA-201710-5

reference_url	https://security.archlinux.org/ASA-201710-6
reference_id	ASA-201710-6
reference_type
scores
url	https://security.archlinux.org/ASA-201710-6

reference_url	https://security.archlinux.org/ASA-201710-7
reference_id	ASA-201710-7
reference_type
scores
url	https://security.archlinux.org/ASA-201710-7

reference_url

reference_id

AVG-370

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-386

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-387

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-388

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-389

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url