2 matches found
Security fix for the ALT Linux 8 package curl version 7.59.0-alt1
March 31, 2018 Anton Farygin 7.59.0-alt1 - new version - fixes: CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000121 LDAP NULL pointer dereference CVE-2018-1000122 RTSP RTP buffer over-read...
CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen o...