Remote SMB servers can cause out-of-bounds read and crash in cURL and libcurl 7.40.0 through 7.42.1

Remote SMB servers can cause out-of-bounds read and crash in cURL and libcurl 7.40.0 through 7.42.1

CVE-2015-3237 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

Learn more about our Cis Benchmark Audit For Server Software.