CVE-2018-1000122

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. When asked to transfer an RTSP URL, curl could calculate a wrong data length to copy from the read buffer. The memcpy call would copy data from the heap following the buffer to a storage area that would subsequently be delivered to the application (if it didn't cause a crash). This could lead to information leakage or a denial of service for the application if the server offering the RTSP data can trigger this.
Group Package Affected Fixed Severity Status Ticket
AVG-661 libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed
AVG-660 lib32-libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed
AVG-656 lib32-libcurl-gnutls 7.58.0-2 7.59.0-1 Medium Fixed
AVG-655 libcurl-compat 7.58.0-2 7.59.0-1 Medium Fixed
AVG-654 lib32-curl 7.58.0-2 7.59.0-1 Medium Fixed
AVG-653 curl 7.58.0-2 7.59.0-1 Medium Fixed
Date Advisory Group Package Severity Description
19 Mar 2018 ASA-201803-20 AVG-656 lib32-libcurl-gnutls Medium multiple issues
19 Mar 2018 ASA-201803-19 AVG-661 libcurl-gnutls Medium multiple issues
19 Mar 2018 ASA-201803-18 AVG-660 lib32-libcurl-compat Medium multiple issues
19 Mar 2018 ASA-201803-17 AVG-655 libcurl-compat Medium multiple issues
19 Mar 2018 ASA-201803-16 AVG-654 lib32-curl Medium multiple issues
19 Mar 2018 ASA-201803-15 AVG-653 curl Medium multiple issues
References
https://curl.haxx.se/docs/adv_2018-b047.html
https://curl.haxx.se/CVE-2018-1000122.patch
https://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128