exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2018-1000301

Status Candidate

Overview

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

Related Files

Red Hat Security Advisory 2020-0594-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0594-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | df8981f3d1666f0e1fac725df6f6dcf9
Red Hat Security Advisory 2020-0544-01
Posted Feb 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0544-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | 6e5f2809f97c01e413f0335f27349e23
Red Hat Security Advisory 2018-3157-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | 64fd2f3db9f57d9a15f45dfcc25f6450
Gentoo Linux Security Advisory 201806-05
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-5 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.60.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000300, CVE-2018-1000301
MD5 | bb6b32c72590b5a3d9811a12c1d7386b
Ubuntu Security Notice USN-3598-2
Posted May 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3598-2 - USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | c0a7f31a20ff0b1187a6a7af47462855
Slackware Security Advisory - curl Updates
Posted May 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000300, CVE-2018-1000301
MD5 | 521162b2ea72021232324db926b46554
Debian Security Advisory 4202-1
Posted May 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1000301
MD5 | bca5c9e18380423f0b3f484011c480fc
Ubuntu Security Notice USN-3648-1
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000300, CVE-2018-1000301, CVE-2018-1000303
MD5 | 61182442578b6aa2ee7114cf2de837a2
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close