#VU7884 Open redirect in libcurl and cURL - CVE-2017-1000100

 


Published: August 15, 2017


Vulnerability identifier: #VU7884
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1000100
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
libcurl
cURL
Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of the redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename, causing the target user's curl application to send portions of system memory.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 7.55.0.
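
As an added example (not part of the original advisory or of the curl project), this shell function classifies `curl --version` output against the fixed release above and reports whether TFTP support is compiled in. It assumes every release below 7.55.0 needs the update, since the advisory does not list the lowest affected version; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `curl --version` output against the advisory's fix.
# Live use: curl --version | audit_curl
FIXED="7.55.0"   # fixed release named in the Remediation section

# ver_lt A B: succeeds when dotted version A is strictly lower than B
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# audit_curl: reads `curl --version` text on stdin, prints one verdict line
audit_curl() {
    text=$(cat)
    # The libcurl/x.y.z token identifies the library doing the transfer
    ver=$(printf '%s\n' "$text" | sed -n 's/.*libcurl\/\([0-9][0-9.]*\).*/\1/p' | head -n1)
    # Pad with spaces so "tftp" is matched as a whole word
    protos=" $(printf '%s\n' "$text" | sed -n 's/^Protocols: *//p') "
    if [ -z "$ver" ]; then
        echo "unknown: no libcurl version found"
    elif ! ver_lt "$ver" "$FIXED"; then
        echo "ok: libcurl $ver"
    else
        case "$protos" in
            *" tftp "*) echo "update: libcurl $ver, TFTP enabled" ;;
            *)          echo "update: libcurl $ver, TFTP not built in" ;;
        esac
    fi
}

# Constructed sample outputs (not captured from real hosts)
SAMPLE_OLD='curl 7.54.0 (x86_64-pc-linux-gnu) libcurl/7.54.0 OpenSSL/1.0.2g zlib/1.2.8
Protocols: dict file ftp ftps http https tftp
Features: IPv6 Largefile SSL libz'
SAMPLE_OLD_NOTFTP='curl 7.54.0 (x86_64-pc-linux-gnu) libcurl/7.54.0 OpenSSL/1.0.2g
Protocols: dict file ftp ftps http https
Features: IPv6 Largefile SSL'
SAMPLE_FIXED='curl 7.55.0 (x86_64-pc-linux-gnu) libcurl/7.55.0 OpenSSL/1.0.2g
Protocols: dict file ftp ftps http https tftp
Features: IPv6 Largefile SSL'

printf '%s\n' "$SAMPLE_OLD"        | audit_curl
printf '%s\n' "$SAMPLE_OLD_NOTFTP" | audit_curl
printf '%s\n' "$SAMPLE_FIXED"      | audit_curl
```

A build without TFTP still reports `update`, because the advisory's remediation is the upgrade itself; the TFTP flag only helps prioritise hosts.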
