Lucene search

K
cvelistDebianCVELIST:CVE-2018-0500
HistoryJul 11, 2018 - 1:00 p.m.

CVE-2018-0500

2018-07-1113:00:00
debian
www.cve.org

9.6 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

CNA Affected

[
  {
    "product": "curl before 7.61.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "curl before 7.61.0"
      }
    ]
  }
]