CVE-2018-1000300
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
24/05/2018
Last modified:
24/08/2020
Description
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl = 7.60.0.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | 7.54.1 (including) | 7.59.0 (including) |
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ||
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* | ||
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/104207
- http://www.securitytracker.com/id/1040933
- https://curl.haxx.se/docs/adv_2018-82c2.html
- https://security.gentoo.org/glsa/201806-05
- https://usn.ubuntu.com/3648-1/
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html