CVE-2018-1000301

Опубликовано: 16 мая 2018

Источник: redhat

CVSS3: 5.4

EPSS Низкий

Описание

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
.NET Core 1.0 on Red Hat Enterprise Linux	rh-dotnetcore10-curl	Out of support scope
.NET Core 1.1 on Red Hat Enterprise Linux	rh-dotnetcore11-curl	Out of support scope
.NET Core 2.0 on Red Hat Enterprise Linux	rh-dotnet20-curl	Out of support scope
.NET Core 2.1 on Red Hat Enterprise Linux	rh-dotnet21-curl	Will not fix
Red Hat Enterprise Linux 5	curl	Not affected
Red Hat Enterprise Linux 6	curl	Not affected
Red Hat Enterprise Linux 8	curl	Not affected
Red Hat JBoss Enterprise Web Server 3	curl	Will not fix
Red Hat Enterprise Linux 7	curl	Fixed	RHSA-2018:3157	30.10.2018
Red Hat Enterprise Linux 7	nss-pem	Fixed	RHSA-2018:3157	30.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1575536curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

EPSS

Процентиль: 85%

0.02562

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2018-1000301

CVSS3: 9.1

ubuntu

больше 7 лет назад

CVE-2018-1000301

CVSS3: 9.1

nvd

больше 7 лет назад

CVE-2018-1000301

CVSS3: 9.1

debian

больше 7 лет назад

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-1 ...

openSUSE-SU-2018:1344-1

suse-cvrf

больше 7 лет назад

Security update for curl

SUSE-SU-2018:1478-1

suse-cvrf

больше 7 лет назад

Security update for curl

EPSS

Процентиль: 85%

0.02562

Низкий

5.4 Medium

CVSS3