What is CVE-2017-1000100?

CVE-2017-1000100 is a medium-severity vulnerability in Haxx Libcurl, classified under Information Disclosure. CVSS score: 6.5/10. Published 2017-10-05.

How severe is CVE-2017-1000100?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2017-1000100 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Haxx Libcurl

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to u…

Vulnerability class: Information Disclosure

EPSS: 0.006 (70.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Haxx Libcurl — versions 7.15.0, 7.15.1, 7.15.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

fokypoky/places-list

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (vendor-advisory, Patch, VDB Entry, Third Party Advisory, x_refsource_GENTOO)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2017-1000100?: CVE-2017-1000100 is a medium-severity vulnerability in Haxx Libcurl, classified under Information Disclosure. CVSS score: 6.5/10. Published 2017-10-05.
How severe is CVE-2017-1000100?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2017-1000100 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.