Related Vulnerabilities: CVE-2018-1000120  

Severity Medium

Remote Yes

Type Denial of service

Description

It was found that libcurl did not safely parse FTP URLs when the CURLOPT_FTP_FILEMETHOD option is in use. An attacker able to provide a specially crafted FTP URL to an application using libcurl could write a NULL byte at an arbitrary location, resulting in a crash or unspecified behavior.

AVG-661 libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed

AVG-660 lib32-libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed

AVG-656 lib32-libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed

AVG-655 libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed

AVG-654 lib32-curl 7.58.0-2 7.59.0-1 Medium Fixed

AVG-653 curl 7.58.0-2 7.59.0-1 Medium Fixed

19 Mar 2018 ASA-201803-20 AVG-656 lib32-libcurl-gnutls Medium multiple issues

19 Mar 2018 ASA-201803-19 AVG-661 libcurl-gnutls Medium multiple issues

19 Mar 2018 ASA-201803-18 AVG-660 lib32-libcurl-compat Medium multiple issues

19 Mar 2018 ASA-201803-17 AVG-655 libcurl-compat Medium multiple issues

19 Mar 2018 ASA-201803-16 AVG-654 lib32-curl Medium multiple issues

19 Mar 2018 ASA-201803-15 AVG-653 curl Medium multiple issues

https://curl.haxx.se/docs/adv_2018-9cd6.html
https://curl.haxx.se/CVE-2018-1000120.patch
https://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f