{"api_version":"1","generated_at":"2026-04-23T02:34:29+00:00","cve":"CVE-2017-1000100","urls":{"html":"https://cve.report/CVE-2017-1000100","api":"https://cve.report/api/cve/CVE-2017-1000100.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1000100","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"},"summary":{"title":"CVE-2017-1000100","description":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. 
Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-10-05 01:29:04","updated_at":"2026-04-16 14:16:10"},"problem_types":["CWE-200","n/a","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N"
,"baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3992","name":"http://www.debian.org/security/2017/dsa-3992","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3992-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://curl.haxx.se/docs/adv_20170809B.html","name":"https://curl.haxx.se/docs/adv_20170809B.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"curl - TFTP sends more than buffer size","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:3558","name":"https://access.redhat.com/errata/RHSA-2018:3558","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/100286","name":"http://www.securityfocus.com/bid/100286","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/201709-14","name":"https://security.gentoo.org/glsa/201709-14","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"],"title":"cURL: Multiple vulnerabilities (GLSA 201709-14) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208221","name":"https://support.apple.com/HT208221","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple 
Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039118","name":"http://www.securitytracker.com/id/1039118","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"cURL TFTP URL Processing Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1000100","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000100","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"c
pe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.15.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.16.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.16.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.16.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.16.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.16.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.17.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe
4":"haxx","cpe5":"libcurl","cpe6":"7.17.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.18.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.18.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.18.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6
":"7.19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.19.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.20.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.20.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.2","cpe7":"*","cpe8":"*"
,"cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.21.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.22.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.23.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.23.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":
"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.24.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.25.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.26.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.27.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.28.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.28.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.29.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.30.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"c
ve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.32.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.33.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.34.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.35.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.36.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.37.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.37.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"100010
0","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.38.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.40.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.41.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.42.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.42.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.43.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.44.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndInc
luding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.45.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.46.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.47.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.47.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.48.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.49.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.49.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.50.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"
2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.50.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.50.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.50.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.51.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.52.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.52.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.53.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.53.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","c
pe5":"libcurl","cpe6":"7.54.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"7.54.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2017","cve_id":"1000100","cve":"CVE-2017-1000100","epss":"0.008180000","percentile":"0.743920000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[{"cve":"CVE-2017-1000100","qid":"500119","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2017-1000100","qid":"503774","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2017-1000100","qid":"710401","title":"Gentoo Linux cURL Multiple Vulnerabilities (GLSA 201709-14)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T21:53:06.527Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/HT208221"},{"name":"100286","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/100286"},{"name":"RHSA-2018:3558","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201709-14"},{"name":"1039118","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1039118"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://curl.haxx.se/docs/adv_20170809B.html"},{"name":"DSA-3992","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2017/dsa-3992"}],"title":"CVE Program 
Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2017-1000100","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T13:34:47.508366Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-16T13:34:51.252Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"dateAssigned":"2017-08-22T00:00:00.000Z","datePublic":"2017-10-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. 
Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-11-13T10:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/HT208221"},{"name":"100286","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/100286"},{"name":"RHSA-2018:3558","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201709-14"},{"name":"1039118","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1039118"},{"tags":["x_refsource_CONFIRM"],"url":"https://curl.haxx.se/docs/adv_20170809B.html"},{"name":"DSA-3992","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2017/dsa-3992"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2017-08-22T17:29:33.315894","ID":"CVE-2017-1000100","REQUESTER":"daniel@haxx.se","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. 
The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT208221","refsource":"CONFIRM","url":"https://support.apple.com/HT208221"},{"name":"100286","refsource":"BID","url":"http://www.securityfocus.com/bid/100286"},{"name":"RHSA-2018:3558","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201709-14"},{"name":"1039118","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039118"},{"name":"https://curl.haxx.se/docs/adv_20170809B.html","refsource":"CONFIRM","url":"https://curl.haxx.se/docs/adv_20170809B.html"},{"name":"DSA-3992","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3992"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-1000100","datePublished":"2017-10-04T01:00:00.000Z","dateReserved":"2017-10-03T00:00:00.000Z","dateUpdated":"2026-04-16T13:34:51.252Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2017-10-05 01:29:04","lastModifiedDate":"2026-04-16 14:16:10","problem_types":["CWE-200","n/a","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized 
Actor"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*","matchCriteriaId":"60BBDF07-DB97-433E-B542-EFEBE45550DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*","matchCriteriaId":"CA8BE3F8-82ED-4DD7-991E-979E950C98B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*","matchCriteriaId":"738AA231-4694-46E8-B559-1594263A9987"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*
:*:*","matchCriteriaId":"E9E1F171-B887-499A-BF4F-538EBF347811"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*","matchCriteriaId":"07AA276A-0EBA-4DC9-951C-8F8159FAC7A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*","matchCriteriaId":"8DEEF534-9AD2-4439-9D69-E91D062C4647"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*","matchCriteriaId":"63643BE1-C978-4CD2-8ED1-2B979DB0676E"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*","matchCriteriaId":"F6FA04A0-9258-4654-ABCF-F41340B1FA35"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*","matchCriteriaId":"DE829230-AFDB-4131-9C6A-D9D7A66C5B57"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*","matchCriteriaId":"B7E8BA30-8087-48D4-AE1B-48326FF826B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*","matchCriteriaId":"47970EFF-2F51-4875-A6BD-E30614E13278"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*","matchCriteriaId":"52C9B668-3204-41C5-A82E-262BDFA541DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*","matchCriteriaId":"08C8EE1E-E186-42D6-8B12-05865C73F261"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*","matchCriteriaId":"EEA3D88B-41B9-4D79-B47D-B3D6058C0C27"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*","matchCriteriaId":"C2C80901-D48E-4C2A-9BED-A40007A11C97"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*","matchCriteriaId":"331A51E4-AA73-486F-9618-5A83965F2436"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*","matchCriteriaId":"EB32DF2C-9208-4853-ADEB-B00D764D7467"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*","matchCriteriaId":"E05636DC-7E38-4605-AAB8-81C0AE37520A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.2
:*:*:*:*:*:*:*","matchCriteriaId":"624DF2F1-53FD-48D3-B93D-44E99C9C0C5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*","matchCriteriaId":"F2171C7C-311A-4405-B95F-3A54966FA844"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*","matchCriteriaId":"5DE20A41-8B53-46FC-9002-69CC7495171F"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*","matchCriteriaId":"87ED9DA0-E880-4CBB-B1AC-5AEE8A004718"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*","matchCriteriaId":"5293C7F0-BF9F-4768-889A-876CE78903CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*","matchCriteriaId":"F3EB41B3-65F3-4B0E-8CCC-325B14AF605B"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*","matchCriteriaId":"857B244C-2AFB-40C7-A893-7C6DE9871BCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*","matchCriteriaId":"B732CE55-820A-40E0-A885-71BBB6CF8C15"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*","matchCriteriaId":"0455A5F2-1515-4CD8-BA2F-74D28E91A661"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*","matchCriteriaId":"29034B3A-BE9D-4D68-8C56-4465C03C3693"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*","matchCriteriaId":"6249538E-FBCB-4130-91FB-DA78D7BA45DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*","matchCriteriaId":"5E11B8A5-50A2-468F-BFB3-86DD9D28AC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*","matchCriteriaId":"9EAE25A0-3828-46F1-AB30-88732CBC9F38"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*","matchCriteriaId":"1533A85C-2160-445D-8787-E624AEDC5A0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*","matchCriteriaId":"D87B9393-7EA4-43DA-900C-7E840AE2D4C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libc
url:7.21.7:*:*:*:*:*:*:*","matchCriteriaId":"7D1249E9-304F-4952-8DAB-8B79CE5E7D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*","matchCriteriaId":"83FAF953-6A65-4FAB-BDB5-03B468CD1C9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*","matchCriteriaId":"29F8FF1F-A639-4161-9366-62528AAF4C07"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*","matchCriteriaId":"812AB429-379A-4EDE-9664-5BC2989053F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*","matchCriteriaId":"13DD791F-C4BD-4456-955A-92E84082AA09"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*","matchCriteriaId":"4A17E442-45AA-4780-98B4-9BF764DCC1C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*","matchCriteriaId":"F6AF544C-5F16-4434-B9FB-93B1B7318950"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*","matchCriteriaId":"CBFD9ED9-2412-44AE-9C55-0ED03A121B23"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*","matchCriteriaId":"67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*","matchCriteriaId":"9E66A332-ECD1-4452-B444-FB629022FDF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*","matchCriteriaId":"CDD3D599-35E9-4590-B5E0-3AF04D344695"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*","matchCriteriaId":"A3B6BFFB-7967-482C-9B49-4BD25C815299"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*","matchCriteriaId":"1791BF6D-2C96-4A6E-90D4-2906A73601F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*","matchCriteriaId":"260DD751-4145-4B75-B892-5FC932C6A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*","matchCriteriaId":"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"},{"vulnerable":true,"criteria":"cpe:2.3:a
:haxx:libcurl:7.34.0:*:*:*:*:*:*:*","matchCriteriaId":"3EB1CB85-0A9B-4816-B471-278774EE6D4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*","matchCriteriaId":"3831AB03-4E7E-476D-9623-58AADC188DFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*","matchCriteriaId":"ABACE305-2F0C-4B59-BC5C-6DF162B450E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAC1B55-F492-484E-B837-E7745682DE0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*","matchCriteriaId":"E0D57914-B40A-462B-9C78-6433BE2B2DB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*","matchCriteriaId":"A9A12DF7-62C5-46AD-9236-E2821C64156E"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*","matchCriteriaId":"4C43697D-390A-4AC0-A5D8-62B6D22245BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*","matchCriteriaId":"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*","matchCriteriaId":"257291FB-969C-4413-BA81-806B5E1B40A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*","matchCriteriaId":"88DC6ED5-4C1A-4ED0-97BA-B245C4A236C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*","matchCriteriaId":"51AA7383-3AA1-4A3B-BA46-BBA8FBDC10DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*","matchCriteriaId":"003D8430-AA07-41B5-9F22-696C554CB277"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*","matchCriteriaId":"6C3ED21E-7907-4248-A32F-BB3102A80DC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*","matchCriteriaId":"B2E41520-CA31-4BA0-B247-F1DCAAE98DD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*","matchCriteriaId":"57F2C633-D720-4FD9-9C75-2D4C57120357"},{"vulnerable":true,"criteria":"c
pe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*","matchCriteriaId":"A8F2FBC9-059A-4299-B59F-8EFD797E3704"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*","matchCriteriaId":"920FCC26-B458-46D8-B023-DB4C19A51718"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*","matchCriteriaId":"B21C08D5-7454-4292-A87C-900C9494E38B"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*","matchCriteriaId":"3B727926-90A2-4A7E-9905-70160C1E0D8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*","matchCriteriaId":"C1A247AE-B209-42BE-8BE7-865AE279D23E"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*","matchCriteriaId":"8429FF9B-D7EA-40E6-A6E8-961EA71F20C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*","matchCriteriaId":"9D387194-720A-4D9C-928E-6FAF2EC6C33C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*","matchCriteriaId":"F2782D32-B023-47B1-A513-251D5093CE5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*","matchCriteriaId":"8373A4E6-BA92-4B5B-9E97-E8C1E8C22C13"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*","matchCriteriaId":"084F63A4-64E4-48FC-8B8C-A4F3E7D39D08"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*","matchCriteriaId":"F0D4DFF0-9953-4AB8-8C24-3977448BFE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*","matchCriteriaId":"1B5B274B-F232-47E8-9E8A-0EB08F97DE40"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*","matchCriteriaId":"73E42C72-868A-4AE4-A33E-79F8190C94C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*","matchCriteriaId":"24E2F3C4-5D88-4C16-BAA7-A34CF7687415"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*","matchCriteriaId":"067EB50A-E70F-4C04-ACE7-67BD7E5A4344"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*","matchCriteriaId":"7C1D4922-F424-45B1-AF98-B1DD33981110"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1000100","Ordinal":"1","Title":"CVE-2017-1000100","CVE":"CVE-2017-1000100","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1000100","Ordinal":"1","NoteData":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.","Type":"Description","Title":"CVE-2017-1000100"},{"CveYear":"2017","CveId":"1000100","Ordinal":"2","NoteData":"2017-10-03","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1000100","Ordinal":"3","NoteData":"2018-11-13","Type":"Other","Title":"Modified"}]}}}