Back to search
CVE-2018-1000301
Published: May 24, 2018
Modified: Apr 15, 2026
PUBLISHED
Description
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
104225
vdb-entry
x_refsource_BID
[debian-lts-announce] 20180516 [SECURITY] [DLA 1379-1] curl security update
mailing-list
x_refsource_MLIST
1040931
vdb-entry
x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
RHSA-2018:3558
vendor-advisory
x_refsource_REDHAT
https://curl.haxx.se/docs/adv_2018-b138.html
x_refsource_CONFIRM
RHSA-2018:3157
vendor-advisory
x_refsource_REDHAT
GLSA-201806-05
vendor-advisory
x_refsource_GENTOO
DSA-4202
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
USN-3648-1
vendor-advisory
x_refsource_UBUNTU
USN-3598-2
vendor-advisory
x_refsource_UBUNTU
RHBA-2019:0327
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0544
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0594
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now