CVE-2018-1000120 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-661 | libcurl-gnutls | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-660 | lib32-libcurl-compat | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-656 | lib32-libcurl-gnutls | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-655 | libcurl-compat | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-654 | lib32-curl | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-653 | curl | 7.58.0-2 | 7.59.0-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Mar 2018 | ASA-201803-20 | AVG-656 | lib32-libcurl-gnutls | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-19 | AVG-661 | libcurl-gnutls | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-18 | AVG-660 | lib32-libcurl-compat | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-17 | AVG-655 | libcurl-compat | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-16 | AVG-654 | lib32-curl | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-15 | AVG-653 | curl | Medium | multiple issues |
| References |
|---|
https://curl.haxx.se/docs/adv_2018-9cd6.html https://curl.haxx.se/CVE-2018-1000120.patch https://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f |