CVE-2018-1000122Out-of-bounds Read in Curl

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow13 documents8 sources
Severity
9.1CRITICALNVD
EPSS
1.9%
top 16.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Haxx CurlOracle Communications Webrtc Session ControllerCanonical Ubuntu Linux+6 more
Timeline
PublishedMar 14
Latest updateMay 13

Description

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages8 packages

Debianhaxx/curl< 7.60.0-1+3
NVDhaxx/curl7.20.07.58.0

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-8h6f-6774-3wxg: A buffer over-read exists in curl 72022-05-13
OSV
curl vulnerabilities2018-03-15
OSV
CVE-2018-1000122: A buffer over-read exists in curl 72018-03-14
CVEList
CVE-2018-1000122: A buffer over-read exists in curl 72018-03-14

📋Vendor Advisories

4
Ubuntu
curl vulnerabilities2018-05-24
Ubuntu
curl vulnerabilities2018-03-15
Red Hat
curl: RTSP RTP buffer over-read2018-03-14
Debian
CVE-2018-1000122: curl - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTS...2018

💬Community

4
Bugzilla
CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 curl: various flaws [fedora-all]2018-03-14
Bugzilla
CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 mingw-curl: various flaws [fedora-all]2018-03-14
Bugzilla
CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 mingw-curl: various flaws [epel-7]2018-03-14
Bugzilla
CVE-2018-1000122 curl: RTSP RTP buffer over-read2018-03-08
CVE-2018-1000122 — Out-of-bounds Read in Haxx Curl | cvebase