CVE-2018-1000301
CVSS 9.1 - CRITICAL
Description
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Affected Products
18| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux |
7.0
|
| debian | debian_linux |
8.0
|
| debian | debian_linux |
9.0
|
| canonical | ubuntu_linux |
12.04
|
| canonical | ubuntu_linux |
14.04
|
| canonical | ubuntu_linux |
16.04
|
| canonical | ubuntu_linux |
17.10
|
| canonical | ubuntu_linux |
18.04
|
| haxx | curl |
All versions
|
| redhat | enterprise_linux_desktop |
7.0
|
| redhat | enterprise_linux_server |
7.0
|
| redhat | enterprise_linux_workstation |
7.0
|
| oracle | communications_webrtc_session_controller |
All versions
|
| oracle | enterprise_manager_ops_center |
12.2.2
|
| oracle | enterprise_manager_ops_center |
12.3.3
|
| oracle | peoplesoft_enterprise_peopletools |
8.55
|
| oracle | peoplesoft_enterprise_peopletools |
8.56
|
| oracle | peoplesoft_enterprise_peopletools |
8.57
|
References
Weakness Types
CWE-125
CWE-125
CVE Information
- CVE ID:
CVE-2018-1000301- Published:
- 2018-05-24
- Modified:
- 2026-04-15
- CVSS Score:
- 9.1
- Severity:
- CRITICAL
- Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Vendors
redhat
oracle
haxx
canonical
debian
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL