CVE-2017-8818: curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have…

CVE-2017-8818 [CRITICAL] CWE-119 GHSA-rm6j-8x6m-cxhp: curl and libcurl before 7 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

CVE-2017-8818 [CRITICAL] CVE-2017-8818: curl and libcurl before 7 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

CVE-2017-8818 [CRITICAL] CWE-125 curl: Out-of-bound access in SSL related cleanup code curl: Out-of-bound access in SSL related cleanup code curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Not affected Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Not affected Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Not affected Package: curl (Red Hat Ceph Storage 2) - Not affected Package: curl (Red Hat Enterprise Linux 5) - Not affected Package: curl (Red Hat Enterprise Linux 6) - Not affected Package: curl (Red Hat Enterprise Linux 7) - Not

CVE-2017-8818 [CRITICAL] CVE-2017-8818: curl - curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a de... curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. Scope: local bookworm: resolved (fixed in 7.57.0-1) bullseye: resolved (fixed in 7.57.0-1) forky: resolved (fixed in 7.57.0-1) sid: resolved (fixed in 7.57.0-1) trixie: resolved (fixed in 7.57.0-1)

CVE-2017-8818 [CRITICAL] CVE-2017-8818 curl: Out-of-bound access in SSL related cleanup code CVE-2017-8818 curl: Out-of-bound access in SSL related cleanup code When allocating memory for a connection (the internal struct called `connectdata`), a certain amount of extra memory is allocate at the end of the struct to be used for SSL related structs. Those structs are used by the particular SSL library libcurl is built to use and in this case the application can also tell libcurl which SSL library to use if it was built to support more than one. The math used for the extra memory was wrong on 32 bit systems, which made the allocated memory too small. The last struct setup that is used by the SSL library could then access memory outside of the allocated block. It could lead to a crash or to other undefined behaviors depending on what memory that is present there and how the particu