DSA-4136-1 curl -- curl | ID: oval:org.secpod.oval:def:603309 | Date: (C)2018-03-16 (M)2023-12-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered in cURL, a URL transfer library.

CVE-2018-1000120: Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of the URL contains a %00 sequence.

CVE-2018-1000121: Dario Weisser discovered that curl might dereference a near-NULL address when getting an LDAP URL, due to the ldap_get_attribute_ber function returning LDAP_SUCCESS together with a NULL pointer. A malicious server might cause libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs, to crash.

CVE-2018-1000122: OSS-Fuzz, assisted by Max Dymond, discovered that curl could be tricked into copying data beyond the end of its heap-based buffer when asked to transfer an RTSP URL.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
curl |
libcurl4-gnutls-dev |
libcurl4-doc |
libcurl4-openssl-dev |
libcurl3 |
libcurl4-nss-dev |