CVE-2015-3237

Published: Jun 22, 2015Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

Affected (14)

Products: Haxx: Curl, Libcurl · Hp: System Management Homepage · Oracle: Enterprise Manager Ops Center, Glassfish Server

2 products

1 product

System Management Homepage

2 products

Enterprise Manager Ops Center

Glassfish Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	Version 7.40.0
Haxx Curl	Version 7.41.0
Haxx Curl	Version 7.42.0
Haxx Curl	Version 7.42.1
Haxx Libcurl	Version 7.40.0
Haxx Libcurl	Version 7.41.0
Haxx Libcurl	Version 7.42.0
Haxx Libcurl	Version 7.42.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Hp System Management Homepage	Up to 7.5.3.1

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Manager Ops Center	Version 12.1.4
Oracle Enterprise Manager Ops Center	Version 12.2.2
Oracle Enterprise Manager Ops Center	Version 12.3.2
Oracle Glassfish Server	Version 3.0.1
Oracle Glassfish Server	Version 3.1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://curl.haxx.se/docs/adv_20150617B.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/75387

Source: secalert@redhat.com

http://www.securityfocus.com/bid/91787

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036371

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201509-02

Source: secalert@redhat.com

http://curl.haxx.se/docs/adv_20150617B.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/75387

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/91787

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036371

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201509-02

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.