You are here

Curl: Vulnerability fixed in Version 7.55.0

Affects product: 
Airlock WAF
IDs: 
CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099
Keywords: 
curl
Description: 

Curl released version 7.55.0 fixing three vulnerabilities.

Airlock WAF is not affected.

Details:

CVE-2017-1000101: Out of bounds read in url gobbing function [1]. This affects only the command line tool of curl. Airlock WAF is not using this tool on untrusted input.

CVE-2017-1000100: Vulnerability in TFTP code of libcurl [2]. Does not affect Airlock WAF because TFTP is not used.

CVE-2017-1000099: Out of bounds read in file: protocol scheme code [3]. Does not affect Airlock WAF because the protocol scheme is not used.

Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required