CVE-2015-3145

Name	CVE-2015-3145
Description	The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
curl (PTS)	jessie	7.38.0-4+deb8u11	fixed
	jessie (security)	7.38.0-4+deb8u15	fixed
	stretch (security), stretch	7.52.1-5+deb9u9	fixed
	buster, sid	7.64.0-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
curl	source	(unstable)	7.42.0-1	high
curl	source	jessie	7.38.0-4+deb8u1	high
curl	source	squeeze	(not affected)
curl	source	wheezy	(not affected)

Notes

[wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
[squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
http://curl.haxx.se/docs/adv_20150422C.html