What is CVE-2015-3144?

CVE-2015-3144 is a vulnerability in Haxx Curl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-04-24.

Is CVE-2015-3144 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Haxx Curl

CVE-2015-3144

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified…

Vulnerability class: Buffer Overflow

EPSS: 0.012 (79.2th percentile) — read the EPSS interpretation.

Affected products

Haxx Curl — versions 7.37.0, 7.37.1, 7.38.0
Haxx Libcurl — versions 7.37.0, 7.37.1, 7.38.0
Oracle Mysql_enterprise_monitor
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

FEDORA-2015-6853 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-3232 (vendor-advisory, x_refsource_DEBIAN)
74300 (vdb-entry, x_refsource_BID)
USN-2591-1 (x_refsource_UBUNTU, vendor-advisory)
1032232 (vdb-entry, x_refsource_SECTRACK)
APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-3144?: CVE-2015-3144 is a vulnerability in Haxx Curl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-04-24.
Is CVE-2015-3144 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.