CVE-2018-1000301
- Source
- https://cve.org/CVERecord?id=CVE-2018-1000301
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000301.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-1000301
- Aliases
- Downstream
- Related
- Published
- 2018-05-24T13:29:01.383Z
- Modified
- 2026-05-15T12:03:37.901501232Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" ], "vendor_product": "canonical:ubuntu_linux", "extracted_events": [ { "last_affected": "12.04" }, { "last_affected": "14.04" }, { "last_affected": "16.04" }, { "last_affected": "17.10" }, { "last_affected": "18.04" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "vendor_product": "debian:debian_linux", "extracted_events": [ { "last_affected": "7.0" }, { "last_affected": "8.0" }, { "last_affected": "9.0" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:communications_webrtc_session_controller", "extracted_events": [ { "fixed": "7.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" ], "vendor_product": "oracle:enterprise_manager_ops_center", "extracted_events": [ { "last_affected": "12.2.2" }, { "last_affected": "12.3.3" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" ], "vendor_product": "oracle:peoplesoft_enterprise_peopletools", "extracted_events": [ { "last_affected": "8.55" }, { "last_affected": "8.56" }, { "last_affected": "8.57" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_desktop", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_workstation", "extracted_events": [ { "last_affected": "7.0" } ] } ] }- References
-
- http://www.securityfocus.com/bid/104225
- http://www.securitytracker.com/id/1040931
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3157
- https://access.redhat.com/errata/RHSA-2018:3558
- https://access.redhat.com/errata/RHSA-2020:0544
- https://access.redhat.com/errata/RHSA-2020:0594
- https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html
- https://security.gentoo.org/glsa/201806-05
- https://usn.ubuntu.com/3598-2/
- https://usn.ubuntu.com/3648-1/
- https://www.debian.org/security/2018/dsa-4202
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://curl.haxx.se/docs/adv_2018-b138.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html