Do your applications use this vulnerable package?
Test your applications
Overview
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
References
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- Gentoo Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- REDHAT
- REDHAT
- REDHAT
- RHSA Security Advisory
- RHSA Security Advisory
- Security Focus
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
CVSS Score
9.1
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2018-1000301
- CWE
- CWE-125
- Snyk ID
- SNYK-DEBIAN9-CURL-358714
- Disclosed
- 24 May, 2018
- Published
- 24 May, 2018