CVE-2018-1000120
- Source
- https://cve.org/CVERecord?id=CVE-2018-1000120
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000120.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-1000120
- Aliases
- Downstream
- Related
- Published
- 2018-03-14T18:29:00.233Z
- Modified
- 2026-05-18T05:51:22.945831598Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "12.04" }, { "last_affected": "14.04" }, { "last_affected": "16.04" }, { "last_affected": "17.10" } ], "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "canonical:ubuntu_linux" }, { "extracted_events": [ { "last_affected": "7.0" }, { "last_affected": "8.0" }, { "last_affected": "9.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "debian:debian_linux" }, { "extracted_events": [ { "fixed": "7.2" } ], "cpes": [ "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:communications_webrtc_session_controller" }, { "extracted_events": [ { "last_affected": "12.2.2" }, { "last_affected": "12.3.3" } ], "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:enterprise_manager_ops_center" }, { "extracted_events": [ { "last_affected": "8.55" }, { "last_affected": "8.56" }, { "last_affected": "8.57" } ], "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:peoplesoft_enterprise_peopletools" }, { "extracted_events": [ { "last_affected": "7.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_desktop" }, { "extracted_events": [ { "last_affected": "7.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_server" }, { "extracted_events": [ { "last_affected": "7.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_workstation" } ] }- References
-
- http://www.securityfocus.com/bid/103414
- http://www.securitytracker.com/id/1040531
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3157
- https://access.redhat.com/errata/RHSA-2018:3558
- https://access.redhat.com/errata/RHSA-2019:1543
- https://access.redhat.com/errata/RHSA-2020:0544
- https://access.redhat.com/errata/RHSA-2020:0594
- https://curl.haxx.se/docs/adv_2018-9cd6.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html
- https://usn.ubuntu.com/3598-1/
- https://usn.ubuntu.com/3598-2/
- https://www.debian.org/security/2018/dsa-4136
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Affected packages
Git / github.com/curl/curl
Affected versions
Other
before_ftp_statemachine
curl-7_12_3
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_2
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_0-preldapfix
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_1
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0
curl-7_20_1
curl-7_21_0
curl-7_21_1
curl-7_21_2
curl-7_21_3
curl-7_21_4
curl-7_21_5
curl-7_21_6
curl-7_21_7
curl-7_22_0
curl-7_23_0
curl-7_23_1
curl-7_25_0
curl-7_26_0
curl-7_27_0
curl-7_28_0
curl-7_28_1
curl-7_29_0
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
curl-7_57_0
curl-7_58_0