{"id":"CURL-CVE-2015-3144","summary":"hostname out of boundary memory access","details":"There is a private function in libcurl called `fix_hostname()` that removes a\ntrailing dot from the hostname if there is one. The function is called after\nthe hostname has been extracted from the URL libcurl has been told to act on.\n\nIf a URL is given with a zero-length hostname, like in \"http://:80\" or just\n\":80\", `fix_hostname()` indexes the hostname pointer with a -1 offset (as it\nblindly assumes a non-zero length) and both read and assign that address.\n\nAt best, this gets unnoticed but can also lead to a crash or worse. We have\nnot researched further what kind of malicious actions that potentially this\ncould be used for.","aliases":["CVE-2015-3144"],"modified":"2026-04-25T20:30:39.593617Z","published":"2015-04-22T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2015-3144.json","CWE":{"id":"CWE-124","desc":"Buffer Underwrite ('Buffer Underflow')"},"last_affected":"7.41.0","www":"https://curl.se/docs/CVE-2015-3144.html","severity":"Medium","package":"curl","affects":"both"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.37.0"},{"fixed":"7.42.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"5de8d84098db1bd24e7fffefbe14e81f2a05995a"},{"fixed":"0583e87ada7a3cfb10904ae4ab61b339582c5bd3"}]}],"versions":["7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/curl/curl.git/commit/0583e87ada7a3cfb10904ae4ab61b339582c5bd3","id":"CURL-CVE-2015-3144-285a442b","target":{"file":"lib/url.c","function":"fix_hostname"},"signature_type":"Function","digest":{"length":1215,"function_hash":"302857014196003819835645927753951719924"},"deprecated":false,"signature_version":"v1"},{"source":"https://github.com/curl/curl.git/commit/0583e87ada7a3cfb10904ae4ab61b339582c5bd3","id":"CURL-CVE-2015-3144-dd778062","target":{"file":"lib/url.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["270878377318186174494843635834225150969","46407169664050383391727544247789172485","51621819899399844632954616211039468642","118193069924792380754011537934000253690"]},"deprecated":false,"signature_version":"v1"}],"source":"https://curl.se/docs/CURL-CVE-2015-3144.json","vanir_signatures_modified":"2026-04-25T20:30:39Z"}}],"schema_version":"1.7.5","credits":[{"name":"Hanno Böck","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}