Out-of-bounds read in curl (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-1000101 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU7885
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1000101
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists due to out-of-bounds read. A local user can supply a URL containing specially crafted numerical range characters to trigger a heap read error and obtain potentially sensitive information from system memory
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.52.1-r1 - 7.54.1-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=4a60b4d3583938cdd36c82d763ac5167d7720079
http://git.alpinelinux.org/aports/commit/?id=8e6f31c56dbe2966fb43113f9c7c1039bbef9865
http://git.alpinelinux.org/aports/commit/?id=a51f2d7593706eb38073b80df6192c6730f36c60
http://git.alpinelinux.org/aports/commit/?id=dba8b02f8c7dbcbb9187eac2b24fd749edc37599
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
