#VU7884 Open redirect in libcurl and cURL


Published: 2017-08-15

Vulnerability identifier: #VU7884

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000100

CWE-ID: CWE-601

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libcurl
Universal components / Libraries / Libraries used by multiple products
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description
The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename to cause the target user's curl application to send portions of system memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation
Update to version 7.55.0.

Vulnerable software versions

libcurl: 7.12.1 - 7.54.0

cURL: 7.15 - 7.53.0

External links
http://curl.haxx.se/docs/adv_20170809B.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Unisphere Central
Debian update for curl
Debian update for curl
Arch Linux update for lib32-curl
Arch Linux update for lib32-libcurl-gnutls
Arch Linux update for libcurl-gnutls
Arch Linux update for lib32-libcurl-compat
Arch Linux update for libcurl-compat
Gentoo update for cURL
Amazon Linux AMI update for curl