CVE-2018-1000300

CVE-2018-1000300

Name

CVE-2018-1000300

Description

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://curl.haxx.se/docs/adv_2018-82c2.html
Third Party Advisory	https://usn.ubuntu.com/3648-1/
Third Party Advisory	http://www.securitytracker.com/id/1040933
Third Party Advisory	http://www.securityfocus.com/bid/104207
Patch	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Third Party Advisory	https://security.gentoo.org/glsa/201806-05
Patch	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Type

URI

Patch

https://curl.haxx.se/docs/adv_2018-82c2.html

Third Party Advisory

https://usn.ubuntu.com/3648-1/

Third Party Advisory

http://www.securitytracker.com/id/1040933

Third Party Advisory

http://www.securityfocus.com/bid/104207

Patch

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html