CVE-2018-0500
published 2018-07-11
CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who…
Priority P353 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.43% (92.8th percentile)
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.61.0-1 (bookworm) | curl 7.61.0-1 (bookworm) |
| haxx | curl | >= 0 < 7.61.0-1 | 7.61.0-1 |
| haxx | curl | >= 0 < 7.61.0-1 | 7.61.0-1 |
| haxx | curl | >= 0 < 7.61.0-1 | 7.61.0-1 |
| haxx | curl | >= 0 < 7.61.0-1 | 7.61.0-1 |
| haxx | curl | 7.54.1 – 7.60.0 | — |
CVSS provenance
nvd · v3.0 · 9.8 · CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 9.8 · CRITICAL
vendor_debian · 9.8 · CRITICAL
vendor_redhat · 9.8 · CRITICAL
Ubuntu
curl vulnerability
vendor_ubuntu·2018-07-11
CVE-2018-0500 curl vulnerability
Title: curl vulnerability
Summary: curl could be made to crash or run programs if it received specially
crafted network traffic.
Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A
remote attacker could use this issue to cause curl to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
vendor_redhat·2018-07-11·CVSS 9.8
CVE-2018-0500 [CRITICAL] CWE-122 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.
Statement: This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable co
Debian
CVE-2018-0500: curl - Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 h...
vendor_debian·2018·CVSS 9.8
CVE-2018-0500 [CRITICAL] CVE-2018-0500: curl - Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 h...
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Scope: local
bookworm: resolved (fixed in 7.61.0-1)
bullseye: resolved (fixed in 7.61.0-1)
forky: resolved (fixed in 7.61.0-1)
sid: resolved (fixed in 7.61.0-1)
trixie: resolved (fixed in 7.61.0-1)
GHSA
GHSA-rg4c-f6cj-x9w8: Curl_smtp_escape_eob in lib/smtp
ghsa_unreviewed·2022-05-13
CVE-2018-0500 [CRITICAL] CWE-787 GHSA-rg4c-f6cj-x9w8: Curl_smtp_escape_eob in lib/smtp
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
OSV
CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp
osv·2018-07-11·CVSS 9.8
CVE-2018-0500 [CRITICAL] CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP [fedora-all]
bugzilla·2018-07-11·CVSS 9.8
CVE-2018-0500 [CRITICAL] CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
bugzilla·2018-07-02·CVSS 9.8
CVE-2018-0500 [CRITICAL] CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
curl versions 7.54.1 through 7.60.0 are vulnerable to a heap-based buffer overflow in the Curl_smtp_escape_eob() function when uploading data over SMTP and using a reduced read buffer. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.
Discussion:
Flaw introduced by:
https://github.com/curl/curl/commit/e40e9d7f0decc79
---
Created attachment 1456079
Upstream patch
---
Acknowledgments:
Name: the Curl project
Upstream: Peter Wu
---
Even though some versions shipped in RHEL and in RHSCL 3 provide the option to reduce the read buffer, they are not vulnerable to this flaw because they do n
http://www.securitytracker.com/id/1041280
https://access.redhat.com/errata/RHSA-2018:2486
https://curl.haxx.se/docs/adv_2018-70a2.html
https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628
https://security.gentoo.org/glsa/201807-04
https://usn.ubuntu.com/3710-1/
Published: 2018-07-11