CVE-2018-1000300
CRITICALcurl 7.54.1-7.59.0 - Heap-based Buffer Overflow via FTP Server Command Reply
Title source: llmDescription
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
References (8)
Core 8
Core References
Patch x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch x_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch, Vendor Advisory x_refsource_confirm
https://curl.haxx.se/docs/adv_2018-82c2.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201806-05
Patch x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3648-1/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104207
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040933
Scores
CVSS v3
9.8
EPSS
0.0093
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (5)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.10
canonical/ubuntu_linux
18.04
haxx/curl
7.54.1 - 7.59.0
Published
May 24, 2018
Tracked Since
Feb 18, 2026