CVE-2018-1000121 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < curl 7.59.0, allowing an attacker to cause a denial of service. libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs could be made to crash by a malicious server. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-661 | libcurl-gnutls | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-660 | lib32-libcurl-compat | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-656 | lib32-libcurl-gnutls | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-655 | libcurl-compat | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-654 | lib32-curl | 7.58.0-2 | 7.59.0-1 | Medium | Fixed | |
| AVG-653 | curl | 7.58.0-2 | 7.59.0-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Mar 2018 | ASA-201803-20 | AVG-656 | lib32-libcurl-gnutls | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-19 | AVG-661 | libcurl-gnutls | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-18 | AVG-660 | lib32-libcurl-compat | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-17 | AVG-655 | libcurl-compat | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-16 | AVG-654 | lib32-curl | Medium | multiple issues |
| 19 Mar 2018 | ASA-201803-15 | AVG-653 | curl | Medium | multiple issues |
| References |
|---|
https://curl.haxx.se/docs/adv_2018-97a2.html https://curl.haxx.se/CVE-2018-1000121.patch https://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba |