Описание
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 7.55.1-1ubuntu2.6 |
| bionic | released | 7.58.0-2ubuntu3.2 |
| devel | not-affected | 7.61.0-1 |
| esm-infra-legacy/trusty | not-affected | 7.47.0-1ubuntu2.8 |
| esm-infra/bionic | released | 7.58.0-2ubuntu3.2 |
| esm-infra/xenial | not-affected | 7.47.0-1ubuntu2.8 |
| precise/esm | not-affected | |
| trusty | not-affected | 7.47.0-1ubuntu2.8 |
| trusty/esm | not-affected | 7.47.0-1ubuntu2.8 |
| upstream | needs-triage |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including cur ...
7.5 High
CVSS2
9.8 Critical
CVSS3