How severe is CVE-2017-1000101?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-1000101?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-1000101 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

Related Vulnerabilities

CVE-2010-0109

MEDIUM

CVSS:6.5(Medium)

DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

CWE-1192010

CVE-2014-7221

MEDIUM

CVSS:6.5(Medium)

TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, ...

CWE-1192014

CVE-2014-9092

MEDIUM

CVSS:6.5(Medium)

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

CWE-1192014

CVE-2014-9655

MEDIUM

CVSS:6.5(Medium)

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a...

CWE-1192014

CVE-2015-1547

MEDIUM

CVSS:6.5(Medium)

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

CWE-1192015

CVE-2015-4407

MEDIUM

CVSS:6.5(Medium)

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request,...

CWE-1192015