Curl: Vulnerability fixed in Version 7.55.0

Submitted on 15. August 2017 - 14:49 by rischi.
Last update on 15. August 2017 - 15:27.

IDs:

CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099

Keywords:

curl

Description:

Curl released version 7.55.0 fixing three vulnerabilities.

Airlock WAF is not affected.

Details:

CVE-2017-1000101: Out of bounds read in url gobbing function [1]. This affects only the command line tool of curl. Airlock WAF is not using this tool on untrusted input.

CVE-2017-1000100: Vulnerability in TFTP code of libcurl [2]. Does not affect Airlock WAF because TFTP is not used.

CVE-2017-1000099: Out of bounds read in file: protocol scheme code [3]. Does not affect Airlock WAF because the protocol scheme is not used.

Resolution:

no action required

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

[1] URL globbing out of bounds read

[2] TFTP sends more than buffer size

[3] FILE buffer read out of bounds

Main menu

Navigation

User menu

You are here

Curl: Vulnerability fixed in Version 7.55.0

Main menu

Search form

Navigation

User menu

You are here

Curl: Vulnerability fixed in Version 7.55.0