First published: Fri Apr 24 2015
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Canonical Ubuntu Linux | =15.04 | |
Debian Debian Linux | =7.0 | |
Haxx Curl | =7.31.0 | |
Haxx Curl | =7.32.0 | |
Haxx Curl | =7.33.0 | |
Haxx Curl | =7.34.0 | |
Haxx Curl | =7.35.0 | |
Haxx Curl | =7.36.0 | |
Haxx Curl | =7.37.0 | |
Haxx Curl | =7.37.1 | |
Haxx Curl | =7.38.0 | |
Haxx Curl | =7.39.0 | |
Haxx Curl | =7.40.0 | |
Haxx Curl | =7.41.0 | |
Apple Mac OS X | =10.10.0 | |
Apple Mac OS X | =10.10.1 | |
Apple Mac OS X | =10.10.2 | |
Apple Mac OS X | =10.10.3 | |
Apple Mac OS X | =10.10.4 | |
Oracle Solaris | =11.3 | |
Haxx Libcurl | =7.30.0 | |
Haxx Libcurl | =7.31.0 | |
Haxx Libcurl | =7.32.0 | |
Haxx Libcurl | =7.33.0 | |
Haxx Libcurl | =7.34.0 | |
Haxx Libcurl | =7.35.0 | |
Haxx Libcurl | =7.36.0 | |
Haxx Libcurl | =7.37.0 | |
Haxx Libcurl | =7.37.1 | |
Haxx Libcurl | =7.38.0 | |
Haxx Libcurl | =7.39 | |
Haxx Libcurl | =7.40.0 | |
Haxx Libcurl | =7.41.0 | |
HP System Management Homepage | <=7.5.3.1 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |