4 matches found
RHEL 7 : curl and nss-pem (RHSA-2018:3157)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3157 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Medium: curl
Issue Overview: FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an...
Fedora 27 : curl (2018-8877b4ccac)
fix FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - fix LDAP NULL pointer dereference CVE-2018-1000121 - fix RTSP RTP buffer over-read CVE-2018-1000122 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen o...