{"id":"CURL-CVE-2017-8817","summary":"FTP wildcard out of bounds read","details":"libcurl contains a read out of bounds flaw in the FTP wildcard function.\n\nlibcurl's FTP wildcard matching feature, which is enabled with the\n`CURLOPT_WILDCARDMATCH` option can use a built-in wildcard function or a user\nprovided one. The built-in wildcard function has a flaw that makes it not\ndetect the end of the pattern string if it ends with an open bracket (`[`) but\ninstead it continues reading the heap beyond the end of the URL buffer that\nholds the wildcard.\n\nFor applications that use HTTP(S) URLs, allow libcurl to handle redirects and\nhave FTP wildcards enabled, this flaw can be triggered by malicious servers\nthat can redirect clients to a URL using such a wildcard pattern.","aliases":["CVE-2017-8817"],"modified":"2024-07-02T09:22:24Z","published":"2017-11-29T08:00:00Z","database_specific":{"severity":"Medium","last_affected":"7.56.1","package":"curl","URL":"https://curl.se/docs/CVE-2017-8817.json","CWE":{"id":"CWE-126","desc":"Buffer Over-read"},"affects":"lib","www":"https://curl.se/docs/CVE-2017-8817.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.21.0"},{"fixed":"7.57.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"0825cd80a62c21725fb3615f1fdd3aa6cc5f0f34"},{"fixed":"0b664ba968437715819bfe4c7ada5679d16ebbc3"}]}],"versions":["7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0"],"database_specific":{"vanir_signatures":[{"id":"CURL-CVE-2017-8817-3cb6c8a3","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3","digest":{"function_hash":"298730692469968009547611169481388207515","length":3087},"signature_type":"Function","target":{"function":"setcharset","file":"lib/curl_fnmatch.c"}},{"id":"CURL-CVE-2017-8817-fa729cca","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3","digest":{"threshold":0.9,"line_hashes":["43638997033928459303008351357338518954","72117958863879997296837069229487845669","87990833645405497784466668675550885192","70532905449980031218253424071052354014","196123198438245594349999131572128817069","289576857934881939227353208159133267347","254514581051275152626574631772189928653","191938046197527947869981402332997201997","226509738433068435122098405911222762166","260525894796949816519744561563026002894","305062054971634091161692411070839960392","72411786785477790301492798861538378260","254514581051275152626574631772189928653","13626872940613937908214377755250866971","57469848601474742856855797613017056106","287124871154724278255153040078259555956"]},"signature_type":"Line","target":{"file":"lib/curl_fnmatch.c"}}],"source":"https://curl.se/docs/CURL-CVE-2017-8817.json"}}],"schema_version":"1.7.3","credits":[{"name":"OSS-Fuzz","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"},{"name":"Max Dymond","type":"OTHER"}]}