CVE-2018-1000300

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

Published: May 24, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1000300
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
haxx / curl	7.54.1	7.59.0.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	17.10	17.10.x
canonical / ubuntu_linux	18.04	18.04.x

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104207
http://www.securitytracker.com/id/1040933
https://curl.haxx.se/docs/adv_2018-82c2.html
https://security.gentoo.org/glsa/201806-05
https://usn.ubuntu.com/3648-1/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Vulnerability Database

289,599

CVE-2018-1000300