CVE-2018-1000120

CWE-787: Out-of-bounds Write | 14 documents | 8 sources

Severity: 9.8 CRITICAL
EPSS: 1.5% (top 18.63%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 14
Latest update: May 14

Description

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (10 packages)

Debian | curl | < 7.60.0-1 | +3
Ubuntu | curl | < 7.35.0-1ubuntu2.15 | +1
NVD | haxx/curl | 7.12.3 - 7.58.0
NuGet | curl

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

🔴 Vulnerability Details (5)

GHSA | curl FTP path confusion leads to NIL byte out of bounds write | 2022-05-14
OSV | curl FTP path confusion leads to NIL byte out of bounds write | 2022-05-14
OSV | curl vulnerabilities | 2018-03-15
OSV | CVE-2018-1000120: A buffer overflow exists in curl 7 | 2018-03-14
CVEList | CVE-2018-1000120: A buffer overflow exists in curl 7 | 2018-03-14

📋 Vendor Advisories (4)

Ubuntu | curl vulnerabilities | 2018-05-24
Ubuntu | curl vulnerabilities | 2018-03-15
Red Hat | curl: FTP path trickery leads to NIL byte out of bounds write | 2018-03-14
Debian | CVE-2018-1000120: curl - A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP ... | 2018

💬 Community (4)

Bugzilla | CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 curl: various flaws [fedora-all] | 2018-03-14
Bugzilla | CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 mingw-curl: various flaws [fedora-all] | 2018-03-14
Bugzilla | CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 mingw-curl: various flaws [epel-7] | 2018-03-14
Bugzilla | CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write | 2018-03-07