CVE-2018-1000300

critical
Description

curl versions 7.54.1 up to and including 7.59.0 contain a CWE-122 heap-based buffer overflow that can result in denial of service and more: curl might overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies. The vulnerability does not affect curl versions before 7.54.1 and appears to have been fixed in curl 7.60.0 and later.

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/104207

http://www.securitytracker.com/id/1040933

https://curl.haxx.se/docs/adv_2018-82c2.html

https://security.gentoo.org/glsa/201806-05

https://usn.ubuntu.com/3648-1/

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Details

Source: MITRE

Published: 2018-05-24

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 131184 | Oracle Enterprise Manager Ops Center (Jan 2019 CPU) | Nessus | Misc. | critical |
| 124090 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU) | Nessus | Web Servers | critical |
| 123190 | openSUSE Security Update : curl (openSUSE-2019-435) | Nessus | SuSE Local Security Checks | critical |
| 121963 | Photon OS 2.0: Curl PHSA-2018-2.0-0068 | Nessus | PhotonOS Local Security Checks | critical |
| 121855 | Photon OS 1.0: Curl PHSA-2018-1.0-0158 | Nessus | PhotonOS Local Security Checks | critical |
| 121257 | Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU) | Nessus | Misc. | critical |
| 120931 | Fedora 28 : curl (2018-fa01002d7e) | Nessus | Fedora Local Security Checks | critical |
| 111954 | Photon OS 2.0: Curl PHSA-2018-2.0-0068 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 111941 | Photon OS 1.0: Curl PHSA-2018-1.0-0158 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 111333 | Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU) | Nessus | Misc. | critical |
| 110614 | GLSA-201806-05 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 110446 | Amazon Linux 2 : curl (ALAS-2018-1029) | Nessus | Amazon Linux Local Security Checks | critical |
| 110434 | openSUSE Security Update : curl (openSUSE-2018-589) | Nessus | SuSE Local Security Checks | critical |
| 110061 | Fedora 27 : curl (2018-9dc7338487) | Nessus | Fedora Local Security Checks | critical |
| 109893 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : curl vulnerabilities (USN-3648-1) | Nessus | Ubuntu Local Security Checks | critical |
| 109877 | FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2) | Nessus | FreeBSD Local Security Checks | critical |
| 109870 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-136-01) | Nessus | Slackware Local Security Checks | critical |