CVE-2017-1000100 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	An information disclosure issue has been found in curl < 7.55.0. When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP.

Group	Package	Affected	Fixed	Severity	Status
AVG-389	libcurl-compat	7.54.1-1	7.56.0-1	Medium	Fixed
AVG-388	lib32-libcurl-compat	7.54.1-1	7.56.0-1	Medium	Fixed
AVG-387	libcurl-gnutls	7.54.1-1	7.56.0-1	Medium	Fixed
AVG-386	lib32-libcurl-gnutls	7.54.1-1	7.56.0-1	Medium	Fixed
AVG-371	lib32-curl	7.54.1-2	7.56.0-1	Medium	Fixed
AVG-370	curl	7.54.1-2	7.55-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
05 Oct 2017	ASA-201710-7	AVG-389	libcurl-compat	Medium	multiple issues
05 Oct 2017	ASA-201710-6	AVG-388	lib32-libcurl-compat	Medium	multiple issues
05 Oct 2017	ASA-201710-5	AVG-387	libcurl-gnutls	Medium	multiple issues
05 Oct 2017	ASA-201710-4	AVG-386	lib32-libcurl-gnutls	Medium	multiple issues
05 Oct 2017	ASA-201710-3	AVG-371	lib32-curl	Medium	multiple issues
22 Aug 2017	ASA-201708-16	AVG-370	curl	Medium	information disclosure

References
https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/CVE-2017-1000100.patch