Search for vulnerabilities
Vulnerability details: VCID-4fah-w821-aaap
Vulnerability ID VCID-4fah-w821-aaap
Aliases CVE-2017-1000100
Summary When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-125 Out-of-bounds Read
CWE-126 Buffer Over-read
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000100.html
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2018:3558
generic_textual CRITICAL https://access.redhat.com/errata/RHSA-2018:3558
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00412 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00455 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00537 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00537 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.00651 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
epss 0.01456 https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1478310
generic_textual Low https://curl.haxx.se/docs/adv_20170809B.html
cvssv3.1 High https://curl.se/docs/CVE-2017-1000100.html
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
cvssv2 1.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
archlinux Medium https://security.archlinux.org/AVG-370
archlinux Medium https://security.archlinux.org/AVG-371
archlinux Medium https://security.archlinux.org/AVG-386
archlinux Medium https://security.archlinux.org/AVG-387
archlinux Medium https://security.archlinux.org/AVG-388
archlinux Medium https://security.archlinux.org/AVG-389
generic_textual Negligible https://ubuntu.com/security/notices/USN-3441-1
generic_textual Negligible https://ubuntu.com/security/notices/USN-3441-2
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000100.html
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json
https://api.first.org/data/v1/epss?cve=CVE-2017-1000100
https://curl.haxx.se/docs/adv_20170809B.html
https://curl.se/docs/CVE-2017-1000100.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201709-14
https://support.apple.com/HT208221
https://ubuntu.com/security/notices/USN-3441-1
https://ubuntu.com/security/notices/USN-3441-2
http://www.debian.org/security/2017/dsa-3992
http://www.securityfocus.com/bid/100286
http://www.securitytracker.com/id/1039118
1478310 https://bugzilla.redhat.com/show_bug.cgi?id=1478310
871555 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555
ASA-201708-16 https://security.archlinux.org/ASA-201708-16
ASA-201710-3 https://security.archlinux.org/ASA-201710-3
ASA-201710-4 https://security.archlinux.org/ASA-201710-4
ASA-201710-5 https://security.archlinux.org/ASA-201710-5
ASA-201710-6 https://security.archlinux.org/ASA-201710-6
ASA-201710-7 https://security.archlinux.org/ASA-201710-7
AVG-370 https://security.archlinux.org/AVG-370
AVG-371 https://security.archlinux.org/AVG-371
AVG-386 https://security.archlinux.org/AVG-386
AVG-387 https://security.archlinux.org/AVG-387
AVG-388 https://security.archlinux.org/AVG-388
AVG-389 https://security.archlinux.org/AVG-389
cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*
CVE-2017-1000100 https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
USN-3441-1 https://usn.ubuntu.com/3441-1/
USN-3441-2 https://usn.ubuntu.com/3441-2/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3558
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000100
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.58245
EPSS Score 0.00375
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.