CVE-2018-1000120

CVSS 9.8 - CRITICAL
Description

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

Affected Products
17
Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
haxx curl All versions
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
oracle communications_webrtc_session_controller All versions
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
References
http://www.oracle.com/technetwork/security-advisor...
http://www.oracle.com/technetwork/security-advisor...
http://www.securityfocus.com/bid/103414
http://www.securitytracker.com/id/1040531
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3157
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2020:0544
https://access.redhat.com/errata/RHSA-2020:0594
https://curl.haxx.se/docs/adv_2018-9cd6.html
https://lists.debian.org/debian-lts-announce/2018/...
https://usn.ubuntu.com/3598-1/
https://usn.ubuntu.com/3598-2/
https://www.debian.org/security/2018/dsa-4136
https://www.oracle.com/technetwork/security-adviso...
https://www.oracle.com/technetwork/security-adviso...
https://www.oracle.com/technetwork/security-adviso...
http://www.oracle.com/technetwork/security-advisor...
http://www.oracle.com/technetwork/security-advisor...
Weakness Types
CWE-787
CVE Information
CVE ID:
CVE-2018-1000120
Published:
2018-03-14
Modified:
2024-11-21
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
redhat oracle haxx canonical debian
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL