cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 104207 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-1000300 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2018 12:00AM |
| Updated: | Jan 16 2019 07:00AM |
| Credit: | Dario Weisser |
| Vulnerable: | Oracle PeopleSoft Enterprise PeopleTools 8.57; Oracle PeopleSoft Enterprise PeopleTools 8.56; Oracle PeopleSoft Enterprise PeopleTools 8.55; Oracle HTTP Server 12.2.1.3.0; Oracle Enterprise Manager Ops Center 12.3.3; Oracle Enterprise Manager Ops Center 12.2.2; Oracle Communications WebRTC Session Controller 7.1; Oracle Communications WebRTC Session Controller 7.0; Haxx Curl 7.59; Haxx Curl 7.58; Haxx Curl 7.56.1; Haxx Curl 7.56; Haxx Curl 7.55.1; Haxx Curl 7.55; Haxx Curl 7.54.1; Haxx Curl 7.57.0 |
| Not Vulnerable: | Oracle Communications WebRTC Session Controller 7.2; Haxx Curl 7.60 |
Discussion
cURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this vulnerability can allow remote attackers to execute arbitrary code in the context of the application. Failed attempts will likely result in denial-of-service conditions.
cURL 7.54.1 through 7.59.0 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- cURL Home Page (cURL)
- Fixed in 7.60.0 - May 16 2018 (Curl)
- Bug 1575533 CVE-2018-1000300 curl: FTP shutdown response heap-based buffer (Redhat)
- CVE-2018-1000300 (Redhat)
- FTP shutdown response buffer overflow (Curl)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
- Oracle Critical Patch Update Advisory - October 2018 (Oracle)