cve/CVE-2015-3144.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1021 B

Raw Permalink Blame History

CVE-2015-3144

Description

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Github

https://github.com/akaganeite/CVE4PP
https://github.com/mrash/afl-cve

1021 B Raw Permalink Blame History

CVE-2015-3144

Description

POC

Reference

Github

1021 B

Raw Permalink Blame History