CVE-2015-3236 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
haxx	curl	7.40.0
haxx	curl	7.41.0
haxx	curl	7.42.0
haxx	curl	7.42.1
haxx	libcurl	7.40.0
haxx	libcurl	7.41.0
haxx	libcurl	7.42.0
haxx	libcurl	7.42.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

curl

bookworm	7.88.1-10+deb12u7 fixed
bookworm (security)	7.88.1-10+deb12u5 fixed
bullseye	7.74.0-1.3+deb11u13 fixed
bullseye (security)	7.74.0-1.3+deb11u11 fixed
jessie	not-affected
sid	8.10.1-2 fixed
squeeze	not-affected
trixie	8.10.1-2 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

curl

precise	not-affected
trusty	not-affected
utopic	not-affected
vivid	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

curl

suse enterprise desktop 15	7.60.0-1.1 fixed
suse enterprise desktop 15 SP1	7.60.0-3.17.1 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-1.1 fixed
suse enterprise sap 15 SP1	7.60.0-3.17.1 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-1.1 fixed
suse enterprise server 15 SP1	7.60.0-3.17.1 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl-devel

suse enterprise desktop 15	7.60.0-1.1 fixed
suse enterprise desktop 15 SP1	7.60.0-3.17.1 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 15	7.60.0-1.1 fixed
suse enterprise sap 15 SP1	7.60.0-3.17.1 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 15	7.60.0-1.1 fixed
suse enterprise server 15 SP1	7.60.0-3.17.1 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl4

suse enterprise desktop 15	7.60.0-1.1 fixed
suse enterprise desktop 15 SP1	7.60.0-3.17.1 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-1.1 fixed
suse enterprise sap 15 SP1	7.60.0-3.17.1 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-1.1 fixed
suse enterprise server 15 SP1	7.60.0-3.17.1 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

libcurl4-32bit

suse enterprise desktop 15	7.60.0-1.1 fixed
suse enterprise desktop 15 SP1	7.60.0-3.17.1 fixed
suse enterprise desktop 15 SP2	7.66.0-2.59 fixed
suse enterprise desktop 15 SP3	7.66.0-4.14.1 fixed
suse enterprise desktop 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise desktop 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise sap 12 SP5	7.60.0-9.8 fixed
suse enterprise sap 15	7.60.0-1.1 fixed
suse enterprise sap 15 SP1	7.60.0-3.17.1 fixed
suse enterprise sap 15 SP2	7.66.0-2.59 fixed
suse enterprise sap 15 SP3	7.66.0-4.14.1 fixed
suse enterprise sap 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.21.1 fixed
suse enterprise server 12 SP5	7.60.0-9.8 fixed
suse enterprise server 15	7.60.0-1.1 fixed
suse enterprise server 15 SP1	7.60.0-3.17.1 fixed
suse enterprise server 15 SP2	7.66.0-2.59 fixed
suse enterprise server 15 SP3	7.66.0-4.14.1 fixed
suse enterprise server 15 SP4	7.79.1-150400.3.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.23.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.2.2 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.21.1 fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://curl.haxx.se/docs/adv_20150617A.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/75385

http://www.securityfocus.com/bid/91787

https://kc.mcafee.com/corporate/index?page=content&id=SB10131

https://security.gentoo.org/glsa/201509-02

http://curl.haxx.se/docs/adv_20150617A.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/75385

http://www.securityfocus.com/bid/91787

https://kc.mcafee.com/corporate/index?page=content&id=SB10131

https://security.gentoo.org/glsa/201509-02