Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-wh98-pw9h-cyfx
Vulnerability ID VCID-wh98-pw9h-cyfx
Aliases CVE-2015-3145
Summary Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-125 Out-of-bounds Read
CWE-129 Improper Validation of Array Index
CWE-131 Incorrect Calculation of Buffer Size
CWE-193 Off-by-one Error
CWE-124 Buffer Underwrite ('Buffer Underflow')
System Score Found at
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2015-3145
cvssv3.1 Medium https://curl.se/docs/CVE-2015-3145.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3145.json
https://api.first.org/data/v1/epss?cve=CVE-2015-3145
https://curl.se/docs/CVE-2015-3145.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
1213347 https://bugzilla.redhat.com/show_bug.cgi?id=1213347
GLSA-201509-02 https://security.gentoo.org/glsa/201509-02
USN-2591-1 https://usn.ubuntu.com/2591-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98404
EPSS Score 0.63704
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:27.976169+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201509-02 38.0.0