CVE-2018-1000122 - log

CVE-2018-1000122 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. When asked to transfer an RTSP URL, curl could calculate a wrong data length to copy from the read buffer. The memcpy call would copy data from the heap following the buffer to a storage area that would subsequently be delivered to the application (if it didn't cause a crash). This could lead to information leakage or a denial of service for the application if the server offering the RTSP data can trigger this.
References
+ https://curl.haxx.se/docs/adv_2018-b047.html
+ https://curl.haxx.se/CVE-2018-1000122.patch
+ https://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128
Notes