CVE-2018-1000300

Published: 24/05/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

curl versions 7.54.1 through 7.59.0 contain a heap-based buffer overflow (CWE-122): curl might overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies, which can result in denial of service and more. curl < 7.54.1 is not affected, and the vulnerability appears to have been fixed in curl >= 7.60.0.

Vulnerable Product

haxx curl

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

canonical ubuntu linux 14.04

Vendor Advisories

Several security issues were fixed in curl ...
Debian Bug report logs - #893546 curl: CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Mar 2018 20:09:01 UTC Severity: serious Tags: fixed-upstream, patch, securi ...

Debian Bug report logs - #898856 curl: CVE-2018-1000301: RTSP bad headers buffer over-read Package: curl; Maintainer for curl is Alessandro Ghedini <ghedo@debian.org>; Source for curl is src:curl Reported by: Chris Lamb <lamby@debian.org> Date: Wed, 16 May 2018 18:00:02 UTC Severity: grave Tags ...

Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies (CVE-2018-1000300). Curl version curl 7.20.0 to and including curl ...

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 754 ...

curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be used when an FTP connection gets shut down since the original curl easy handle is then already removed. FT ...

Github Repositories

A Vulnerable dockerfile for containerizing a university business.

Vulnerable Dockerfile. A vulnerable Dockerfile for containerizing a university business. This Dockerfile consists of Docker XML files for ease of use, readily deployable on your own environment. Hosting an FTP server, a vulnerable SSH service and an insecure website. Vulnerabilities include: www.cvedetails.com/cve/CVE-2018-1000300/ www.cvedetails.com/cve/CVE-20