{"id":"CURL-CVE-2017-1000101","summary":"URL globbing out of bounds read","details":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range\nto have the tool iterate over those numbers to do a sequence of transfers.\n\nIn the globbing function that parses the numerical range, there was an\nomission that made curl read a byte beyond the end of the URL if given a\ncarefully crafted, or just wrongly written, URL. The URL is stored in a heap\nbased buffer, so it could then be made to wrongly read something else instead\nof crashing.\n\nAn example of a URL that triggers the flaw would be\n`http://ur%20[0-60000000000000000000`.","aliases":["CVE-2017-1000101"],"modified":"2026-04-25T20:30:33.874627Z","published":"2017-08-09T08:00:00Z","database_specific":{"severity":"Medium","URL":"https://curl.se/docs/CVE-2017-1000101.json","affects":"tool","www":"https://curl.se/docs/CVE-2017-1000101.html","package":"curl","CWE":{"id":"CWE-126","desc":"Buffer Over-read"},"last_affected":"7.54.1"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.34.0"},{"fixed":"7.55.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"5ca96cb84410270e233c92bf1b2583cba40c3fad"},{"fixed":"453e7a7a03a2cec749abd3878a48e728c515cca7"}]}],"versions":["7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0"],"database_specific":{"vanir_signatures":[{"id":"CURL-CVE-2017-1000101-d35fff0a","signature_version":"v1","deprecated":false,"target":{"function":"glob_range","file":"src/tool_urlglob.c"},"digest":{"function_hash":"60326349713164111015205419997284250710","length":2893},"signature_type":"Function","source":"https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7"},{"id":"CURL-CVE-2017-1000101-de4d641e","signature_version":"v1","deprecated":false,"target":{"file":"src/tool_urlglob.c"},"digest":{"threshold":0.9,"line_hashes":["123150116165892801649156348291261903198","285900347832440945719183793124713313729","338786517253160465565202185010639599373","254954250228785359441594206624569439575"]},"signature_type":"Line","source":"https://github.com/curl/curl.git/commit/453e7a7a03a2cec749abd3878a48e728c515cca7"}],"vanir_signatures_modified":"2026-04-25T20:30:33Z","source":"https://curl.se/docs/CURL-CVE-2017-1000101.json"}}],"schema_version":"1.7.5","credits":[{"name":"Brian Carpenter","type":"FINDER"},{"name":"Yongji Ouyang","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}