ALAS2-2018-1052

Affecting curl package, versions <7.55.1-12.amzn2.0.5

medium severity

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Amzn:2 relevant versions.

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2018-0500: 1597101: CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP

A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.

Remediation

Upgrade Amzn:2 curl to version 7.55.1-12.amzn2.0.5 or higher.
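
To check the remediation across a fleet, the following added example (not part of the advisory or of any vendor tooling) flags hosts whose curl version-release string, as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' curl`, is below the fixed version. The host names and installed versions are constructed sample data, and `rpmvercmp` here is a simplified re-implementation of rpm's comparison that assumes no epoch and no `~` or `^` markers.

```python
import re

# Fixed version-release for Amzn:2 curl, taken from the Remediation section.
FIXED = "7.55.1-12.amzn2.0.5"

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm version compare, returns -1, 0 or 1.
    Assumption: inputs carry no '~' or '^' markers (not handled here)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)           # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, fixed=FIXED):
    """True if an installed 'version-release' string is at or above the fixed one."""
    iv, sep, ir = installed.rpartition("-")
    if not sep:
        raise ValueError(f"expected version-release, got {installed!r}")
    fv, _, fr = fixed.rpartition("-")
    # Version decides first; release only breaks a tie.
    return (rpmvercmp(iv, fv), rpmvercmp(ir, fr)) >= (0, 0)

def vulnerable_hosts(inventory):
    """Return the sorted host names whose curl package is below the fixed version."""
    return sorted(h for h, v in inventory.items() if not is_fixed(v))

# Constructed inventory (hypothetical hosts and versions) for illustration.
SAMPLE = {
    "build-01": "7.55.1-8.amzn2",
    "web-01": "7.55.1-12.amzn2.0.1",
    "web-02": "7.55.1-12.amzn2.0.5",
    "db-01": "7.61.1-9.amzn2.0.1",
}

if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE):
        print(f"{host}: curl {SAMPLE[host]} is below {FIXED}")
```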

References

CVE: ALAS2-2018-1052
Snyk ID: SNYK-AMZN2-CURL-508673
Published: 13 Nov, 2019