Описание
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 7.55.1-1ubuntu2.5 |
| bionic | released | 7.58.0-2ubuntu3.1 |
| devel | released | 7.58.0-2ubuntu4 |
| esm-infra-legacy/trusty | released | 7.35.0-1ubuntu2.16 |
| esm-infra/bionic | released | 7.58.0-2ubuntu3.1 |
| esm-infra/xenial | released | 7.47.0-1ubuntu2.8 |
| precise/esm | not-affected | 7.22.0-3ubuntu4.21 |
| trusty | released | 7.35.0-1ubuntu2.16 |
| trusty/esm | released | 7.35.0-1ubuntu2.16 |
| upstream | released | 7.60.0 |
Показывать по
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-1 ...
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3