CVE-2018-1000121 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < curl 7.59.0, allowing an attacker to cause a denial of service. libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs could be made to crash by a malicious server.
Group Package Affected Fixed Severity Status Ticket
AVG-661 libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed
AVG-660 lib32-libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed
AVG-656 lib32-libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed
AVG-655 libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed
AVG-654 lib32-curl 7.58.0-2 7.59.0-1 Medium Fixed
AVG-653 curl 7.58.0-2 7.59.0-1 Medium Fixed
Date Advisory Group Package Severity Type
19 Mar 2018 ASA-201803-20 AVG-656 lib32-libcurl-gnutls Medium multiple issues
19 Mar 2018 ASA-201803-19 AVG-661 libcurl-gnutls Medium multiple issues
19 Mar 2018 ASA-201803-18 AVG-660 lib32-libcurl-compat Medium multiple issues
19 Mar 2018 ASA-201803-17 AVG-655 libcurl-compat Medium multiple issues
19 Mar 2018 ASA-201803-16 AVG-654 lib32-curl Medium multiple issues
19 Mar 2018 ASA-201803-15 AVG-653 curl Medium multiple issues
References
https://curl.haxx.se/docs/adv_2018-97a2.html
https://curl.haxx.se/CVE-2018-1000121.patch
https://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba