Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000300

Опубликовано: 24 мая 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия от 7.54.1 (включая) до 7.59.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 74%
0.00825
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2018-1000300

CVSS3: 9.8
ubuntu
больше 7 лет назад

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

redhat логотип

CVE-2018-1000300

CVSS3: 7.5
redhat
больше 7 лет назад

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

debian логотип

CVE-2018-1000300

CVSS3: 9.8
debian
больше 7 лет назад

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-1 ...

github логотип

GHSA-5vcr-2m3x-3m96

CVSS3: 9.8
github
больше 3 лет назад

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

fstec логотип

BDU:2018-00916

CVSS3: 9.8
fstec
больше 7 лет назад

Уязвимость программного средства для взаимодействия с серверами cURL, вызванная переполнением буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 74%
0.00825
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787