CVE-2018-1000301
24.05.2018, 13:29
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
| haxx | curl | 7.20.0 ≤ 𝑥 ≤ 7.59.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| oracle | communications_webrtc_session_controller | 𝑥 < 7.2 |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | peoplesoft_enterprise_peopletools | 8.55 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4-32bit |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References