CVE-2018-1000122

CRITICAL

curl <7.59 - Buffer Overflow

Title source: llm

Description

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

References (17)

Core 17

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103436

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch, Third Party Advisory x_refsource_confirm

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3558

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3157

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4136

Vendor Advisory x_refsource_confirm

https://curl.haxx.se/docs/adv_2018-b047.html

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040530

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3598-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3598-2/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHBA-2019:0327

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1543

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0544

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0594

Vendor Advisory x_refsource_misc

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Scores

CVSS v3 9.1

EPSS 0.0164

EPSS Percentile 82.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (17)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

haxx/curl 7.20.0 - 7.58.0

oracle/communications_webrtc_session_controller < 7.2

oracle/enterprise_manager_ops_center 12.2.2

... and 7 more

Published Mar 14, 2018

Tracked Since Feb 18, 2026