CVE-2018-1000120

CRITICAL

curl <7.58.0 - Buffer Overflow

Title source: llm

Description

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

References (18)

Core 18

Core References

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch, Third Party Advisory x_refsource_confirm

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3558

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3157

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4136

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103414

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3598-1/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040531

Vendor Advisory x_refsource_confirm

https://curl.haxx.se/docs/adv_2018-9cd6.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3598-2/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHBA-2019:0327

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1543

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0544

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0594

Vendor Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Vendor Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Scores

CVSS v3 9.8

EPSS 0.0130

EPSS Percentile 80.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (18)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

haxx/curl 7.12.3 - 7.58.0

nuget/curl 7.12.3NuGet

oracle/communications_webrtc_session_controller < 7.2

... and 8 more

Published Mar 14, 2018

Tracked Since Feb 18, 2026