CVE-2015-3144

EPSS 1.2%

Published: 4/24/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3144

Description

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

Affected packages (1)

Debian/curlfrom 0, < 7.42.0-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3144