CVE-2018-1000300

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.
When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be used when an FTP connection gets shut down since the original curl easy handle is then already removed. FTP server response data that gets cached from the original transfer might then be larger than the default buffer size (16 KB) allocated in the "closure handle", which can lead to a buffer overwrite. The contents and size of that overwrite is controllable by the server.
Group Package Affected Fixed Severity Status Ticket
AVG-699 libcurl-gnutls 7.59.0-1 7.60.0-1 Critical Fixed
AVG-698 libcurl-compat 7.59.0-1 7.60.0-1 Critical Fixed
AVG-697 lib32-libcurl-gnutls 7.59.0-1 7.60.0-1 Critical Fixed
AVG-696 lib32-libcurl-compat 7.59.0-1 7.60.0-1 Critical Fixed
AVG-695 lib32-curl 7.59.0-1 7.60.0-1 Critical Fixed
AVG-694 curl 7.59.0-2 7.60.0-1 Critical Fixed
Date Advisory Group Package Severity Description
18 May 2018 ASA-201805-18 AVG-699 libcurl-gnutls Critical multiple issues
18 May 2018 ASA-201805-17 AVG-698 libcurl-compat Critical multiple issues
18 May 2018 ASA-201805-16 AVG-697 lib32-libcurl-gnutls Critical multiple issues
18 May 2018 ASA-201805-15 AVG-696 lib32-libcurl-compat Critical multiple issues
18 May 2018 ASA-201805-14 AVG-695 lib32-curl Critical multiple issues
17 May 2018 ASA-201805-13 AVG-694 curl Critical multiple issues
References
https://curl.haxx.se/docs/adv_2018-82c2.html
https://curl.haxx.se/CVE-2018-1000300.patch