{"api_version":"1","generated_at":"2026-04-23T07:46:49+00:00","cve":"CVE-2017-1000101","urls":{"html":"https://cve.report/CVE-2017-1000101","api":"https://cve.report/api/cve/CVE-2017-1000101.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1000101","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"},"summary":{"title":"CVE-2017-1000101","description":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-10-05 01:29:04","updated_at":"2026-04-16 14:16:10"},"problem_types":["CWE-119","n/a","CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://curl.haxx.se/docs/adv_20170809A.html","name":"https://curl.haxx.se/docs/adv_20170809A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"],"title":"curl - URL globbing out of bounds read","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2017/dsa-3992","name":"http://www.debian.org/security/2017/dsa-3992","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3992-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:3558","name":"https://access.redhat.com/errata/RHSA-2018:3558","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201709-14","name":"https://security.gentoo.org/glsa/201709-14","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"],"title":"cURL: Multiple vulnerabilities (GLSA 201709-14) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039117","name":"http://www.securitytracker.com/id/1039117","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"cURL URL Globbing Flaw Lets Local Users View Portions of System Memory on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/100249","name":"http://www.securityfocus.com/bid/100249","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT208221","name":"https://support.apple.com/HT208221","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1000101","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000101","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.35.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.36.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.37.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.37.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.38.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.39.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.40.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.41.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.42.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.42.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.43.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.44.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.45.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.46.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.47.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.47.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.48.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.49.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.49.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.50.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.50.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.50.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.50.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.51.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.52.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.52.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.53.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.53.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.54.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.54.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"1000101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"7.55.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2017","cve_id":"1000101","cve":"CVE-2017-1000101","epss":"0.007630000","percentile":"0.734140000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[{"cve":"CVE-2017-1000101","qid":"500119","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2017-1000101","qid":"503774","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2017-1000101","qid":"710401","title":"Gentoo Linux cURL Multiple Vulnerabilities (GLSA 201709-14)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T21:53:06.565Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/HT208221"},{"name":"RHSA-2018:3558","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201709-14"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://curl.haxx.se/docs/adv_20170809A.html"},{"name":"1039117","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1039117"},{"name":"100249","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/100249"},{"name":"DSA-3992","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2017/dsa-3992"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2017-1000101","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T13:45:32.714678Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-16T13:45:37.458Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"dateAssigned":"2017-08-22T00:00:00.000Z","datePublic":"2017-10-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-11-13T10:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/HT208221"},{"name":"RHSA-2018:3558","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201709-14"},{"tags":["x_refsource_CONFIRM"],"url":"https://curl.haxx.se/docs/adv_20170809A.html"},{"name":"1039117","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1039117"},{"name":"100249","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/100249"},{"name":"DSA-3992","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2017/dsa-3992"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2017-08-22T17:29:33.316423","ID":"CVE-2017-1000101","REQUESTER":"daniel@haxx.se","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT208221","refsource":"CONFIRM","url":"https://support.apple.com/HT208221"},{"name":"RHSA-2018:3558","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"name":"GLSA-201709-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201709-14"},{"name":"https://curl.haxx.se/docs/adv_20170809A.html","refsource":"CONFIRM","url":"https://curl.haxx.se/docs/adv_20170809A.html"},{"name":"1039117","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039117"},{"name":"100249","refsource":"BID","url":"http://www.securityfocus.com/bid/100249"},{"name":"DSA-3992","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3992"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-1000101","datePublished":"2017-10-04T01:00:00.000Z","dateReserved":"2017-10-03T00:00:00.000Z","dateUpdated":"2026-04-16T13:45:37.458Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2017-10-05 01:29:04","lastModifiedDate":"2026-04-16 14:16:10","problem_types":["CWE-119","n/a","CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"BC7E5201-24A0-4CEF-84D2-76DB195D3A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*","matchCriteriaId":"4D558CC2-0146-4887-834E-19FCB1D512A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*","matchCriteriaId":"6931764D-16AB-4546-9CE3-5B4E03BC984A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*","matchCriteriaId":"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*","matchCriteriaId":"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*","matchCriteriaId":"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*","matchCriteriaId":"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*","matchCriteriaId":"5DEBBFCA-6A18-4F8F-B841-50255C952FA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*","matchCriteriaId":"FEEAE437-A645-468B-B283-44799658F534"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*","matchCriteriaId":"03F7EE95-4EBE-4306-ADFE-A1A92CAD5F24"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*","matchCriteriaId":"79F7AE71-7A18-4737-9C02-0A3343B3AD4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*","matchCriteriaId":"BC589DE6-773A-43E8-9393-3083DB545671"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*","matchCriteriaId":"24D735EA-04E3-47E7-A859-3CC1ED887E10"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*","matchCriteriaId":"063C1A70-0869-4933-88D7-ECE7ACCF0F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*","matchCriteriaId":"70B0A020-3DA1-4753-B810-C60E7CA06839"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*","matchCriteriaId":"63A18050-0DA7-400A-B564-AC9A020D57CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*","matchCriteriaId":"9D168A62-A5B0-4BA8-8243-1AAF3B395567"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*","matchCriteriaId":"11D8B02D-5A97-4F9A-8EE8-D60D621E0B0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*","matchCriteriaId":"D7DC2429-0B58-4D68-9337-0077C4493714"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*","matchCriteriaId":"A4D5B7BD-2B9D-40AB-B13A-393FF0007A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*","matchCriteriaId":"E2AFED4D-0672-467F-999C-9D6C3722B8C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*","matchCriteriaId":"4BDCCD2D-3D98-4FC3-BAB5-3D09A0CAD12C"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*","matchCriteriaId":"8DA228CD-70CF-41FC-98F6-38194466CC32"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*","matchCriteriaId":"EFDE2415-78F8-4A36-AA9B-6EA8DCE399AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*","matchCriteriaId":"CCA05266-35B6-422D-AE73-4C934B4F5091"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*","matchCriteriaId":"A2AB70F1-D6A9-4ADF-A506-4C9DEE8AE754"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*","matchCriteriaId":"3C2FDF0C-6493-4BE1-851E-0D8CE94E36B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*","matchCriteriaId":"2EA9D7F9-A972-41A8-9561-DB72E37184F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*","matchCriteriaId":"641ACFC8-BDE2-42AC-8B3D-EF78695AD750"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*","matchCriteriaId":"8629C630-14E0-4C94-BBD1-B5203488A6FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*","matchCriteriaId":"31C6D873-9770-4FD0-AC75-4D6C06FC4A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*","matchCriteriaId":"CADB89B4-7218-4E2B-BB94-8CCEB79FB3F0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1000101","Ordinal":"1","Title":"CVE-2017-1000101","CVE":"CVE-2017-1000101","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1000101","Ordinal":"1","NoteData":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.","Type":"Description","Title":"CVE-2017-1000101"},{"CveYear":"2017","CveId":"1000101","Ordinal":"2","NoteData":"2017-10-03","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1000101","Ordinal":"3","NoteData":"2018-11-13","Type":"Other","Title":"Modified"}]}}}