Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.169 views

RHEL 7 : curl and nss-pem (RHSA-2018:3157)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3157 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

9.8CVSS7.3AI score0.12058EPSS
Exploits0References17
Amazon
Amazon
added 2018/04/19 12:0 a.m.41 views

Medium: curl

Issue Overview: FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an...

9.8CVSS9.1AI score0.12058EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/03/21 12:0 a.m.32 views

Fedora 27 : curl (2018-8877b4ccac)

fix FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - fix LDAP NULL pointer dereference CVE-2018-1000121 - fix RTSP RTP buffer over-read CVE-2018-1000122 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

9.8CVSS7AI score0.12058EPSS
Exploits0References4
OSV
OSV
added 2018/03/14 8:0 a.m.9 views

CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write

curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen o...

9.8CVSS9.1AI score0.12058EPSS
Exploits0
Rows per page
Query Builder