CVE-2018-1000005
Published 2018-01-24
Priority: P346, critical, CVSS 3.0 score 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS: 4.64% (90.5th percentile)
libcurl 7.49.0 up to and including 7.57.0 contains an out-of-bounds read in the code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer; this was recently changed to `: ` (a space was added after the colon), but the size calculation that follows was not updated to match. When the trailer data is later accessed, it is read out of bounds, which either causes a crash or passes the (too large) data to client write. This could lead to a denial of service, or to an information disclosure if someone has a service that echoes back or uses the trailers for something.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.58.0-1 (bookworm) | curl 7.58.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.58.0-1 | 7.58.0-1 |
| haxx | curl | >= 0 < 7.58.0-1 | 7.58.0-1 |
| haxx | curl | >= 0 < 7.58.0-1 | 7.58.0-1 |
| haxx | curl | >= 0 < 7.58.0-1 | 7.58.0-1 |
| haxx | libcurl | 7.49.0 – 7.57.0 | — |
CVSS provenance
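| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | — | 9.1 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.1 | CRITICAL | — |
| vendor_redhat | — | 9.1 | CRITICAL | — |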
Ubuntu
curl vulnerabilities
vendor_ubuntu·2018-01-31·CVSS 9.8
CVE-2018-1000005 [CRITICAL] curl vulnerabilities
Summary: Several security issues were fixed in curl.
It was discovered that curl incorrectly handled certain data. An attacker
could possibly use this to cause a denial of service or even to get access
to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
It was discovered that curl could accidentally leak authentication data.
An attacker could possibly use this to get access to sensitive information.
(CVE-2018-1000007)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: Out-of-bounds read in code handling HTTP/2 trailers
vendor_redhat·2018-01-24·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CWE-125 curl: Out-of-bounds read in code handling HTTP/2 trailers
Debian
CVE-2018-1000005: curl - libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handl...
vendor_debian·2018·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CVE-2018-1000005: curl - libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handl...
GHSA
GHSA-cj8j-r7q8-xg4f: libcurl 7
ghsa_unreviewed·2022-05-14
CVE-2018-1000005 [CRITICAL] CWE-125 GHSA-cj8j-r7q8-xg4f: libcurl 7
OSV
CVE-2018-1000005: libcurl 7
osv·2018-01-24·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CVE-2018-1000005: libcurl 7
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1000005 mingw-curl: curl: Out-of-bounds read in code handling HTTP/2 trailers [fedora-all]
bugzilla·2019-04-15·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CVE-2018-1000005 mingw-curl: curl: Out-of-bounds read in code handling HTTP/2 trailers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multi
Bugzilla
CVE-2018-1000005 curl: Out-of-bounds read in code handling HTTP/2 trailers [fedora-all]
bugzilla·2019-04-15·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CVE-2018-1000005 curl: Out-of-bounds read in code handling HTTP/2 trailers [fedora-all]
Bugzilla
CVE-2018-1000005 curl: Out-of-bounds read in code handling HTTP/2 trailers
bugzilla·2018-01-18·CVSS 9.1
CVE-2018-1000005 [CRITICAL] CVE-2018-1000005 curl: Out-of-bounds read in code handling HTTP/2 trailers
An out-of-bounds read in code handling HTTP/2 trailers was found. This could lead to a denial-of-service or an information disclosure in some circumstances.
Affected versions: libcurl 7.49.0 to and including 7.57.0
Not affected versions: libcurl = 7.58.0
Upstream bug report:
https://github.com/curl/curl/pull/2231
Upstream patch:
https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
Discussion:
Acknowledgments:
Name: the Curl project
Upstream: Zhouyihai Ding
---
External References:
https://curl.haxx.se/docs/adv_2018-824a.html
---
The latest version of curl shipped by ceph-2 is 7.29.0-32.el7(~3 years back), however which is not affected by this flaw. Ceph-2 no more ships updated version of curl a
http://www.securitytracker.com/id/1040273
https://access.redhat.com/errata/RHSA-2019:1543
https://curl.haxx.se/docs/adv_2018-824a.html
https://github.com/curl/curl/pull/2231
https://usn.ubuntu.com/3554-1/
https://www.debian.org/security/2018/dsa-4098