CVE-2018-1000300Out-of-bounds Write in Curl

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Haxx CurlCanonical Ubuntu Linux
Timeline
PublishedMay 24
Latest updateMay 13

Description

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl = 7.60.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianhaxx/curl< 7.60.0-1+3
Ubuntuhaxx/curl< 7.35.0-1ubuntu2.16+2
NVDhaxx/curl7.54.17.59.0

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: curl.haxx.se

🔴Vulnerability Details

4
GHSA
GHSA-5vcr-2m3x-3m96: curl version curl 72022-05-13
OSV
CVE-2018-1000300: curl version curl 72018-05-24
CVEList
CVE-2018-1000300: curl version curl 72018-05-24
OSV
curl vulnerabilities2018-05-16

📋Vendor Advisories

3
Ubuntu
curl vulnerabilities2018-05-16
Red Hat
curl: FTP shutdown response heap-based buffer overflow can potentially lead to RCE2018-05-16
Debian
CVE-2018-1000300: curl - curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-b...2018

💬Community

3
Bugzilla
CVE-2018-1000300 mingw-curl: curl: FTP shutdown response heap-based buffer overflow can potentially lead to RCE [fedora-all]2018-05-16
Bugzilla
CVE-2018-1000300 CVE-2018-1000301 curl: various flaws [fedora-all]2018-05-16
Bugzilla
CVE-2018-1000300 curl: FTP shutdown response heap-based buffer overflow can potentially lead to RCE2018-05-07
CVE-2018-1000300 — Out-of-bounds Write in Haxx Curl | cvebase