{"id": "USN-3598-1", "bulletinFamily": "unix", "title": "curl vulnerabilities", "description": "Phan Thanh discovered that curl incorrectly handled certain FTP paths. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2018-1000120)\n\nDario Weisser discovered that curl incorrectly handled certain LDAP URLs. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-1000121)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP data. An \nattacker could possibly use this to cause a denial of service or even to \nget access to sensitive data. (CVE-2018-1000122)", "published": "2018-03-15T00:00:00", "modified": "2018-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://ubuntu.com/security/notices/USN-3598-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000122", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000120", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000121"], "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "type": "ubuntu", "lastseen": "2020-07-02T11:43:47", "edition": 6, "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000120"]}, {"type": "f5", "idList": ["F5:K22052524"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874256", "OPENVAS:1361412562311220191540", "OPENVAS:1361412562311220181330", "OPENVAS:1361412562311220181110", "OPENVAS:1361412562310843476", "OPENVAS:1361412562310874266", "OPENVAS:1361412562310704136", "OPENVAS:1361412562311220181109", "OPENVAS:1361412562310891309", "OPENVAS:1361412562311220181203"]}, {"type": "amazon", "idList": ["ALAS2-2019-1139", "ALAS2-2018-995", "ALAS-2018-995"]}, {"type": "archlinux", "idList": ["ASA-201803-17", "ASA-201803-18", "ASA-201803-16", "ASA-201803-20", "ASA-201803-15", "ASA-201803-19"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4136-1:5B46E", "DEBIAN:DLA-1309-1:3655B"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2018-1_0-0124.NASL", "SUSE_SU-2018-0769-1.NASL", "ALA_ALAS-2018-995.NASL", "SUSE_SU-2018-1323-1.NASL", "EULEROS_SA-2018-1110.NASL", "FEDORA_2018-BC65AB5014.NASL", "OPENSUSE-2018-299.NASL", "SLACKWARE_SSA_2018-074-01.NASL", "DEBIAN_DSA-4136.NASL", "UBUNTU_USN-3598-1.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1D977E29F1169EF928BB4A0BAE75A4E4"]}, {"type": "fedora", "idList": ["FEDORA:41A6660CADCC", "FEDORA:5C8E66094E72", "FEDORA:87D78601E81F", "FEDORA:A9F06601B24A", "FEDORA:3EC4162335F8"]}, {"type": "slackware", "idList": ["SSA-2018-074-01"]}, {"type": "ubuntu", "idList": ["USN-3598-2"]}, {"type": "gentoo", "idList": ["GLSA-201804-04"]}, {"type": "redhat", "idList": ["RHSA-2020:0544", "RHSA-2019:1543", "RHSA-2018:3157", "RHSA-2020:0594", "RHSA-2018:3558"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3157"]}, {"type": "centos", "idList": ["CESA-2018:3157"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUOCT2019", "ORACLE:CPUJUL2019", "ORACLE:CPUOCT2019-5072832", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUOCT2018-4428296", "ORACLE:CPUJAN2019", "ORACLE:CPUOCT2018", "ORACLE:CPUJUL2018"]}], "modified": "2020-07-02T11:43:47", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-07-02T11:43:47", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "curl", "packageVersion": "7.47.0-1ubuntu2.7"}, {"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-nss", "packageVersion": "7.55.1-1ubuntu2.4"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3", "packageVersion": "7.47.0-1ubuntu2.7"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "curl", "packageVersion": "7.35.0-1ubuntu2.15"}, {"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3", "packageVersion": "7.55.1-1ubuntu2.4"}, {"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-gnutls", "packageVersion": "7.55.1-1ubuntu2.4"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-gnutls", "packageVersion": "7.47.0-1ubuntu2.7"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-nss", "packageVersion": "7.35.0-1ubuntu2.15"}, {"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "curl", "packageVersion": "7.55.1-1ubuntu2.4"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-gnutls", "packageVersion": "7.35.0-1ubuntu2.15"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3-nss", "packageVersion": "7.47.0-1ubuntu2.7"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libcurl3", "packageVersion": "7.35.0-1ubuntu2.15"}], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T20:25:29", "description": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-03-14T18:29:00", "title": "CVE-2018-1000122", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000122"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:haxx:curl:7.58.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.2.2", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-1000122", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000122", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:29", "description": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-14T18:29:00", "title": "CVE-2018-1000121", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000121"], "modified": "2019-07-23T23:15:00", "cpe": ["cpe:/a:haxx:curl:7.58.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.2.2", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-1000121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:29", "description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-14T18:29:00", "title": "CVE-2018-1000120", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000120"], "modified": "2019-06-18T22:15:00", "cpe": ["cpe:/a:haxx:curl:7.58.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.2.2", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-1000120", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000120", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "f5": [{"lastseen": "2019-10-18T18:30:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-1000120"], "description": "\nF5 Product Development has assigned CPF-24847, CPF-24848, and CPF-24849 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | None | Not applicable | Not vulnerable2 | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable2 | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable2 | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable2 | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L>) | cURL/libcurl \n4.x | 4.0.5 - 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nF5 has identified BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow as Not vulnerable. However, if you have custom monitors applied to BIG-IP systems, or Advanced Shell (**bash**) access on these F5 products, you should avoid untrusted URLs when using cURL with the **\\--ftp-method singlecwd** argument or when using the **CURLOPT_FTP_FILEMETHOD **setting with binaries linked against libcurl. These settings are not the default and standard FTP monitors; default FTP monitors, applicable to BIG-IP systems only, are not affected.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-13T04:37:00", "published": "2018-04-13T04:37:00", "id": "F5:K22052524", "href": "https://support.f5.com/csp/article/K22052524", "title": "cURL and libcurl vulnerability CVE-2018-1000120", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:10:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Multiple vulnerabilities were found in cURL, an URL transfer library:\n\nCVE-2018-1000120\n\nDuy Phan Thanh reported that curl could be fooled into writing a zero byte\nout of bounds when curl was told to work on an FTP URL, with the setting to\nonly issue a single CWD command. The issue could be triggered if the\ndirectory part of the URL contained a ", "modified": "2020-01-29T00:00:00", "published": "2018-03-27T00:00:00", "id": "OPENVAS:1361412562310891309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891309", "type": "openvas", "title": "Debian LTS: Security Advisory for curl (DLA-1309-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891309\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_name(\"Debian LTS: Security Advisory for curl (DLA-1309-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n7.26.0-1+wheezy25.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in cURL, an URL transfer library:\n\nCVE-2018-1000120\n\nDuy Phan Thanh reported that curl could be fooled into writing a zero byte\nout of bounds when curl was told to work on an FTP URL, with the setting to\nonly issue a single CWD command. The issue could be triggered if the\ndirectory part of the URL contained a '%00' sequence.\n\nCVE-2018-1000121\n\nDario Weisser reported that curl might dereference a near-NULL address when\ngetting an LDAP URL. A malicious server that sends a particularly crafted\nresponse could made crash applications that allowed LDAP URL relying on\nlibcurl.\n\nCVE-2018-1000122\n\nOSS-fuzz and Max Dymond found that curl can be tricked into copying data\nbeyond the end of its heap based buffer when asked to transfer an RTSP URL.\ncurl could calculate a wrong data length to copy from the read buffer.\nThis could lead to information leakage or a denial of service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy25\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-21T00:00:00", "id": "OPENVAS:1361412562310874256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874256", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-8877b4ccac", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8877b4ccac_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-8877b4ccac\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874256\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:11:08 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-8877b4ccac\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8877b4ccac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OINLOP7YVADCIGSEIO522TV6L23YOKT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~10.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-21T00:00:00", "id": "OPENVAS:1361412562310874266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874266", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-66c96e0024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_66c96e0024_curl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-66c96e0024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874266\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:13:14 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-66c96e0024\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-66c96e0024\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MHIV67XNYKO7Y7PXNBXALTBG73EDR67R\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.53.1~16.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181109", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1109)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1109\");\n script_version(\"2020-01-23T11:12:50+0000\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:50 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:50 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1109)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1109\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1109\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1109 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h18\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h18\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h18\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-03-16T00:00:00", "id": "OPENVAS:1361412562310843476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843476", "type": "openvas", "title": "Ubuntu Update for curl USN-3598-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3598_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-3598-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843476\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-16 08:58:31 +0100 (Fri, 16 Mar 2018)\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3598-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Phan Thanh discovered that curl incorrectly\nhandled certain FTP paths. An attacker could use this to cause a denial of service\nor possibly execute arbitrary code. (CVE-2018-1000120)\n\nDario Weisser discovered that curl incorrectly handled certain LDAP URLs.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2018-1000121)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP data. An\nattacker could possibly use this to cause a denial of service or even to\nget access to sensitive data. (CVE-2018-1000122)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3598-1\");\n script_xref(name:\"URL\", value:\"https://usn.ubuntu.com/usn/usn-3598-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.55.1-1ubuntu2.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.55.1-1ubuntu2.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.55.1-1ubuntu2.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.55.1-1ubuntu2.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-1000120\nDuy Phan Thanh discovered that curl could be fooled into writing a\nzero byte out of bounds when curl is told to work on an FTP URL with\nthe setting to only issue a single CWD command, if the directory part\nof the URL contains a ", "modified": "2019-07-04T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310704136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704136", "type": "openvas", "title": "Debian Security Advisory DSA 4136-1 (curl - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4136-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704136\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_name(\"Debian Security Advisory DSA 4136-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 00:00:00 +0100 (Wed, 14 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4136.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u5.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-1000120\nDuy Phan Thanh discovered that curl could be fooled into writing a\nzero byte out of bounds when curl is told to work on an FTP URL with\nthe setting to only issue a single CWD command, if the directory part\nof the URL contains a '%00' sequence.\n\nCVE-2018-1000121\nDario Weisser discovered that curl might dereference a near-NULL\naddress when getting an LDAP URL due to the ldap_get_attribute_ber()\nfunction returning LDAP_SUCCESS and a NULL pointer. A malicious server\nmight cause libcurl-using applications that allow LDAP URLs, or that\nallow redirects to LDAP URLs to crash.\n\nCVE-2018-1000122\nOSS-fuzz, assisted by Max Dymond, discovered that curl could be\ntricked into copying data beyond the end of its heap based buffer\nwhen asked to transfer an RTSP URL.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181110", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1110)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1110\");\n script_version(\"2020-01-23T11:12:53+0000\");\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1110)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1110\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1110\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1110 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2016-9586", "CVE-2018-1000301"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181203", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1203)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1203\");\n script_version(\"2020-01-23T11:17:20+0000\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1203)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1203\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1203\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1203 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h20\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h20\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h20\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2016-9586", "CVE-2018-1000301"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181330", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1330\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000254\", \"CVE-2017-8817\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1330\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1330\");\n script_xref(name:\"URL\", value:\"https://github.com/curl/curl/commit/415d2e7cb7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1330 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](see references), March 2005. In libcurl version 7.56 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000007", "CVE-2018-14618", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2018-1000301"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191540", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1540)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1540\");\n script_version(\"2020-01-23T12:09:28+0000\");\n script_cve_id(\"CVE-2017-1000257\", \"CVE-2018-1000007\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000301\", \"CVE-2018-14618\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:09:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:09:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1540)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1540\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1540\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1540 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)(CVE-2018-14618)\n\nIt was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.(CVE-2018-1000122)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. (CVE-2018-1000301)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nIt was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities. (CVE-2018-1000007)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h10\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h10\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-03-20T17:38:42", "published": "2018-03-20T17:38:42", "id": "FEDORA:A9F06601B24A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: curl-7.53.1-16.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-03-20T18:26:44", "published": "2018-03-20T18:26:44", "id": "FEDORA:41A6660CADCC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-10.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-03-30T13:33:07", "published": "2018-03-30T13:33:07", "id": "FEDORA:3EC4162335F8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: curl-7.59.0-2.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-100025", "CVE-2017-1000254", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-05-23T16:00:01", "published": "2018-05-23T16:00:01", "id": "FEDORA:5C8E66094E72", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-100025", "CVE-2017-1000254", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-09-20T18:18:52", "published": "2018-09-20T18:18:52", "id": "FEDORA:87D78601E81F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-14.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-19\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : libcurl-gnutls\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-661\n\nSummary\n=======\n\nThe package libcurl-gnutls before version 7.59.0-1 is vulnerable to\nmultiple issues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"libcurl-gnutls>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-19", "href": "https://security.archlinux.org/ASA-201803-19", "type": "archlinux", "title": "[ASA-201803-19] libcurl-gnutls: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-20\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : lib32-libcurl-gnutls\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-656\n\nSummary\n=======\n\nThe package lib32-libcurl-gnutls before version 7.59.0-1 is vulnerable\nto multiple issues including denial of service and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"lib32-libcurl-gnutls>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-20", "href": "https://security.archlinux.org/ASA-201803-20", "type": "archlinux", "title": "[ASA-201803-20] lib32-libcurl-gnutls: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-18\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : lib32-libcurl-compat\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-660\n\nSummary\n=======\n\nThe package lib32-libcurl-compat before version 7.59.0-1 is vulnerable\nto multiple issues including denial of service and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"lib32-libcurl-compat>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-18", "href": "https://security.archlinux.org/ASA-201803-18", "type": "archlinux", "title": "[ASA-201803-18] lib32-libcurl-compat: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-17\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : libcurl-compat\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-655\n\nSummary\n=======\n\nThe package libcurl-compat before version 7.59.0-1 is vulnerable to\nmultiple issues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"libcurl-compat>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-17", "href": "https://security.archlinux.org/ASA-201803-17", "type": "archlinux", "title": "[ASA-201803-17] libcurl-compat: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-16\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : lib32-curl\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-654\n\nSummary\n=======\n\nThe package lib32-curl before version 7.59.0-1 is vulnerable to\nmultiple issues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"lib32-curl>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-16", "href": "https://security.archlinux.org/ASA-201803-16", "type": "archlinux", "title": "[ASA-201803-16] lib32-curl: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Arch Linux Security Advisory ASA-201803-15\n==========================================\n\nSeverity: Medium\nDate : 2018-03-19\nCVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\nPackage : curl\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-653\n\nSummary\n=======\n\nThe package curl before version 7.59.0-1 is vulnerable to multiple\nissues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 7.59.0-1.\n\n# pacman -Syu \"curl>=7.59.0-1\"\n\nThe problems have been fixed upstream in version 7.59.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-1000120 (denial of service)\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially\ncrafted FTP URL to an application using libcurl, could write a NULL\nbyte at an arbitrary location, resulting in a crash, or an unspecified\nbehavior.\n\n- CVE-2018-1000121 (denial of service)\n\nA NULL pointer dereference exists in the LDAP code of curl >= 7.21.0\nand < curl 7.59.0, allowing an attacker to cause a denial of service.\nlibcurl-using applications that allow LDAP URLs, or that allow\nredirects to LDAP URLs could be made to crash by a malicious server.\n\n- CVE-2018-1000122 (information disclosure)\n\nA buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the\nRTSP+RTP handling code that allows an attacker to cause a denial of\nservice or information leakage. When asked to transfer an RTSP URL,\ncurl could calculate a wrong data length to copy from the read buffer.\nThe memcpy call would copy data from the heap following the buffer to a\nstorage area that would subsequently be delivered to the application\n(if it didn't cause a crash). This could lead to information leakage or\na denial of service for the application if the server offering the RTSP\ndata can trigger this.\n\nImpact\n======\n\nA remote attacker is able to crash the application or disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\nhttps://curl.haxx.se/CVE-2018-1000120.patch\nhttps://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f\nhttps://curl.haxx.se/docs/adv_2018-97a2.html\nhttps://curl.haxx.se/CVE-2018-1000121.patch\nhttps://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba\nhttps://curl.haxx.se/docs/adv_2018-b047.html\nhttps://curl.haxx.se/CVE-2018-1000122.patch\nhttps://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128\nhttps://security.archlinux.org/CVE-2018-1000120\nhttps://security.archlinux.org/CVE-2018-1000121\nhttps://security.archlinux.org/CVE-2018-1000122", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "id": "ASA-201803-15", "href": "https://security.archlinux.org/ASA-201803-15", "type": "archlinux", "title": "[ASA-201803-15] curl: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "software", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nPhan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120)\n\nDario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000121)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. (CVE-2018-1000122)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.52\n * 3421.x versions prior to 3421.44\n * 3445.x versions prior to 3445.30\n * 3468.x versions prior to 3468.28\n * 3541.x versions prior to 3541.10\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.191.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.52\n * Upgrade 3421.x versions to 3421.44\n * Upgrade 3445.x versions to 3445.30\n * Upgrade 3468.x versions to 3468.28\n * Upgrade 3541.x versions to 3541.10\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.191.0 or later.\n\n# References\n\n * [USN-3598-1](<https://usn.ubuntu.com/3598-1/>)\n * [CVE-2018-1000120](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000120>)\n * [CVE-2018-1000121](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000121>)\n * [CVE-2018-1000122](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000122>)\n", "edition": 6, "modified": "2018-04-04T00:00:00", "published": "2018-04-04T00:00:00", "id": "CFOUNDRY:1D977E29F1169EF928BB4A0BAE75A4E4", "href": "https://www.cloudfoundry.org/blog/usn-3598-1/", "title": "USN-3598-1: curl vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "**Issue Overview:**\n\nFTP path trickery leads to NIL byte out of bounds write: \nIt was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior. ([CVE-2018-1000120 __](<https://access.redhat.com/security/cve/CVE-2018-1000120>))\n\nLDAP NULL pointer dereference: \nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply. ([CVE-2018-1000121 __](<https://access.redhat.com/security/cve/CVE-2018-1000121>))\n\nRTSP RTP buffer over-read: \nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. ([CVE-2018-1000122 __](<https://access.redhat.com/security/cve/CVE-2018-1000122>))\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n curl-debuginfo-7.53.1-16.84.amzn1.i686 \n curl-7.53.1-16.84.amzn1.i686 \n libcurl-7.53.1-16.84.amzn1.i686 \n libcurl-devel-7.53.1-16.84.amzn1.i686 \n \n src: \n curl-7.53.1-16.84.amzn1.src \n \n x86_64: \n libcurl-devel-7.53.1-16.84.amzn1.x86_64 \n curl-debuginfo-7.53.1-16.84.amzn1.x86_64 \n curl-7.53.1-16.84.amzn1.x86_64 \n libcurl-7.53.1-16.84.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-04-19T04:56:00", "published": "2018-04-19T04:56:00", "id": "ALAS-2018-995", "href": "https://alas.aws.amazon.com/ALAS-2018-995.html", "title": "Medium: curl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "**Issue Overview:**\n\nFTP path trickery leads to NIL byte out of bounds write: \nIt was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior. ([CVE-2018-1000120 __](<https://access.redhat.com/security/cve/CVE-2018-1000120>))\n\nLDAP NULL pointer dereference: \nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply. ([CVE-2018-1000121 __](<https://access.redhat.com/security/cve/CVE-2018-1000121>))\n\nRTSP RTP buffer over-read: \nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. ([CVE-2018-1000122 __](<https://access.redhat.com/security/cve/CVE-2018-1000122>))\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n src: \n curl-7.55.1-10.amzn2.0.1.src \n \n x86_64: \n curl-7.55.1-10.amzn2.0.1.x86_64 \n libcurl-7.55.1-10.amzn2.0.1.x86_64 \n libcurl-devel-7.55.1-10.amzn2.0.1.x86_64 \n curl-debuginfo-7.55.1-10.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2018-04-19T04:55:00", "published": "2018-04-19T04:55:00", "id": "ALAS2-2018-995", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-995.html", "title": "Medium: curl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000007", "CVE-2018-1000301"], "description": "**Issue Overview:**\n\nThe nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate\n\n \n**Affected Packages:** \n\n\nnss-pem\n\n \n**Issue Correction:** \nRun _yum update nss-pem_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n nss-pem-1.0.3-5.amzn2.aarch64 \n nss-pem-debuginfo-1.0.3-5.amzn2.aarch64 \n \n i686: \n nss-pem-1.0.3-5.amzn2.i686 \n nss-pem-debuginfo-1.0.3-5.amzn2.i686 \n \n src: \n nss-pem-1.0.3-5.amzn2.src \n \n x86_64: \n nss-pem-1.0.3-5.amzn2.x86_64 \n nss-pem-debuginfo-1.0.3-5.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-01-07T21:51:00", "published": "2019-01-07T21:51:00", "id": "ALAS2-2019-1139", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1139.html", "title": "Medium: nss-pem", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/curl-7.59.0-i586-1_slack14.2.txz: Upgraded.\n This update fixes security issues:\n FTP path trickery leads to NIL byte out of bounds write\n LDAP NULL pointer dereference\n RTSP RTP buffer over-read\n For more information, see:\n https://curl.haxx.se/docs/adv_2018-9cd6.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120\n https://curl.haxx.se/docs/adv_2018-97a2.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121\n https://curl.haxx.se/docs/adv_2018-b047.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.59.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.59.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.59.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.59.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.59.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.59.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.59.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.59.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\na16c379660b3629461f8b963a17d6a4d curl-7.59.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n6f8f8f059c45bb9d55d3ec7c1a579b3d curl-7.59.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n158f51a6895c90b32cf3c7e9547830c3 curl-7.59.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n499cfda3202a0ecffc92a83fdb8c1982 curl-7.59.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n5ec638a7b0543572ca4252aff3b0f8fc curl-7.59.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n9dd8194bd6786fd8fe586c5de0a1415d curl-7.59.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9b916c08262d4d61a898c889b9fc8c5f n/curl-7.59.0-i586-1.txz\n\nSlackware x86_64 -current package:\n2bcce8a65e87a41863c5d41757ce8701 n/curl-7.59.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg curl-7.59.0-i586-1_slack14.2.txz", "modified": "2018-03-16T04:18:28", "published": "2018-03-16T04:18:28", "id": "SSA-2018-074-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.442262", "type": "slackware", "title": "[slackware-security] curl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-14T01:08:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4136-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMarch 14, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-1000120\n\n Duy Phan Thanh discovered that curl could be fooled into writing a\n zero byte out of bounds when curl is told to work on an FTP URL with\n the setting to only issue a single CWD command, if the directory part\n of the URL contains a &quot;%00&quot; sequence.\n\nCVE-2018-1000121\n\n Dario Weisser discovered that curl might dereference a near-NULL\n address when getting an LDAP URL due to the ldap_get_attribute_ber()\n fuction returning LDAP_SUCCESS and a NULL pointer. A malicious server\n might cause libcurl-using applications that allow LDAP URLs, or that\n allow redirects to LDAP URLs to crash.\n\nCVE-2018-1000122\n\n OSS-fuzz, assisted by Max Dymond, discovered that curl could be\n tricked into copying data beyond the end of its heap based buffer\n when asked to transfer an RTSP URL.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u5.\n\nWe recommend that you upgrade your curl packages.\n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2018-03-14T21:46:39", "published": "2018-03-14T21:46:39", "id": "DEBIAN:DSA-4136-1:5B46E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00062.html", "title": "[SECURITY] [DSA 4136-1] curl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "description": "Package : curl\nVersion : 7.26.0-1+wheezy25\nCVE ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122\n\n\nMultiple vulnerabilities were found in cURL, an URL transfer library:\n\nCVE-2018-1000120\n\n Duy Phan Thanh reported that curl could be fooled into writing a zero byte\n out of bounds when curl was told to work on an FTP URL, with the setting to\n only issue a single CWD command. The issue could be triggered if the\n directory part of the URL contained a &quot;%00&quot; sequence.\n\nCVE-2018-1000121\n\n Dario Weisser reported that curl might dereference a near-NULL address when\n getting an LDAP URL. A malicious server that sends a particularly crafted\n response could made crash applications that allowed LDAP URL relying on\n libcurl.\n\nCVE-2018-1000122\n\n OSS-fuzz and Max Dymond found that curl can be tricked into copying data\n beyond the end of its heap based buffer when asked to transfer an RTSP URL.\n curl could calculate a wrong data length to copy from the read buffer.\n This could lead to information leakage or a denial of service.\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n7.26.0-1+wheezy25.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-03-18T21:22:48", "published": "2018-03-18T21:22:48", "id": "DEBIAN:DLA-1309-1:3655B", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201803/msg00012.html", "title": "[SECURITY] [DLA 1309-1] curl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-14T06:11:27", "description": "This update for curl fixes the following issues: Following security\nissues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-23T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0769-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-03-23T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:curl-debugsource"], "id": "SUSE_SU-2018-0769-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0769-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108579);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0769-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues: Following security\nissues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000122/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180769-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ecbc775c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-522=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-522=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-522=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-522=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-522=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-522=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-522=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-522=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T18:23:10", "description": "This update for curl fixes the following issues: curl was updated to\nversion 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl\nversion to the one in SUSE Linux Enterprise 12 and is full binary\ncompatible to the previous version. This update is done to allow other\nthird-party software like 'R' to be able to be used on the SUSE Linux\nEnterprise 11 codebase. Following security issues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532). The package also requires a libopenssl\n that implements the DEFAULT_SUSE cipher list\n (bsc#1081056, bsc#1083463,bsc#1086825)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2018:1323-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libcurl4"], "id": "SUSE_SU-2018-1323-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109890", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1323-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109890);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2018:1323-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues: curl was updated to\nversion 7.37.0 (fate#325339 bsc#1084137) This update syncs the curl\nversion to the one in SUSE Linux Enterprise 12 and is full binary\ncompatible to the previous version. This update is done to allow other\nthird-party software like 'R' to be able to be used on the SUSE Linux\nEnterprise 11 codebase. Following security issues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532). The package also requires a libopenssl\n that implements the DEFAULT_SUSE cipher list\n (bsc#1081056, bsc#1083463,bsc#1086825)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000122/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181323-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db65cc36\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13609=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13609=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-curl-13609=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13609=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-curl-13609=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13609=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-curl-13609=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"curl-7.37.0-70.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libcurl4-7.37.0-70.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:16:49", "description": "FTP path trickery leads to NIL byte out of bounds write :\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a\nspecially crafted FTP URL to an application using libcurl, could write\na NULL byte at an arbitrary location, resulting in a crash, or an\nunspecified behavior. (CVE-2018-1000120)\n\nLDAP NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the way libcurl checks\nvalues returned by the openldap ldap_get_attribute_ber() function. A\nmalicious LDAP server could use this flaw to crash a libcurl client\napplication via a specially crafted LDAP reply. (CVE-2018-1000121)\n\nRTSP RTP buffer over-read :\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0\nin the RTSP+RTP handling code that allows an attacker to cause a\ndenial of service or information leakage. (CVE-2018-1000122)", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-20T00:00:00", "title": "Amazon Linux 2 : curl (ALAS-2018-995)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libcurl", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:libcurl-devel", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:curl"], "id": "AL2_ALAS-2018-995.NASL", "href": "https://www.tenable.com/plugins/nessus/109178", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-995.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109178);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_xref(name:\"ALAS\", value:\"2018-995\");\n\n script_name(english:\"Amazon Linux 2 : curl (ALAS-2018-995)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FTP path trickery leads to NIL byte out of bounds write :\n\nIt was found that libcurl did not safely parse FTP URLs when using the\nCURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a\nspecially crafted FTP URL to an application using libcurl, could write\na NULL byte at an arbitrary location, resulting in a crash, or an\nunspecified behavior. (CVE-2018-1000120)\n\nLDAP NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the way libcurl checks\nvalues returned by the openldap ldap_get_attribute_ber() function. A\nmalicious LDAP server could use this flaw to crash a libcurl client\napplication via a specially crafted LDAP reply. (CVE-2018-1000121)\n\nRTSP RTP buffer over-read :\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0\nin the RTSP+RTP handling code that allows an attacker to cause a\ndenial of service or information leakage. (CVE-2018-1000122)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-995.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"curl-7.55.1-10.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.55.1-10.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libcurl-7.55.1-10.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"libcurl-devel-7.55.1-10.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:19:14", "description": " - fix FTP path trickery leads to NIL byte out of bounds\n write (CVE-2018-1000120)\n\n - fix LDAP NULL pointer dereference (CVE-2018-1000121)\n\n - fix RTSP RTP buffer over-read (CVE-2018-1000122)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-21T00:00:00", "title": "Fedora 27 : curl (2018-8877b4ccac)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-03-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:curl"], "id": "FEDORA_2018-8877B4CCAC.NASL", "href": "https://www.tenable.com/plugins/nessus/108502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8877b4ccac.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108502);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_xref(name:\"FEDORA\", value:\"2018-8877b4ccac\");\n\n script_name(english:\"Fedora 27 : curl (2018-8877b4ccac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix FTP path trickery leads to NIL byte out of bounds\n write (CVE-2018-1000120)\n\n - fix LDAP NULL pointer dereference (CVE-2018-1000121)\n\n - fix RTSP RTP buffer over-read (CVE-2018-1000122)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8877b4ccac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-10.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:10:29", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-16T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-074-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:curl"], "id": "SLACKWARE_SSA_2018-074-01.NASL", "href": "https://www.tenable.com/plugins/nessus/108382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-074-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108382);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_xref(name:\"SSA\", value:\"2018-074-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-074-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.442262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fae05b41\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.59.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:18:46", "description": "This update for curl fixes the following issues :\n\nFollowing security issues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-27T00:00:00", "title": "openSUSE Security Update : curl (openSUSE-2018-299)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:libcurl4-32bit"], "id": "OPENSUSE-2018-299.NASL", "href": "https://www.tenable.com/plugins/nessus/108629", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-299.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108629);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-299)\");\n script_summary(english:\"Check for the openSUSE-2018-299 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nFollowing security issues were fixed :\n\n - CVE-2018-1000120: A buffer overflow exists in the FTP\n URL handling that allowed an attacker to cause a denial\n of service or possible code execution (bsc#1084521).\n\n - CVE-2018-1000121: A NULL pointer dereference exists in\n the LDAP code that allowed an attacker to cause a denial\n of service (bsc#1084524).\n\n - CVE-2018-1000122: A buffer over-read exists in the\n RTSP+RTP handling code that allowed an attacker to cause\n a denial of service or information leakage\n (bsc#1084532).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084532\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:53:19", "description": "According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-02T00:00:00", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-05-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libcurl-devel", "p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1110.NASL", "href": "https://www.tenable.com/plugins/nessus/109508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109508);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1110)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1110\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ab3e721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h18\",\n \"libcurl-7.29.0-35.h18\",\n \"libcurl-devel-7.29.0-35.h18\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:39:06", "description": "Multiple vulnerabilities were found in cURL, an URL transfer library :\n\nCVE-2018-1000120\n\nDuy Phan Thanh reported that curl could be fooled into writing a zero\nbyte out of bounds when curl was told to work on an FTP URL, with the\nsetting to only issue a single CWD command. The issue could be\ntriggered if the directory part of the URL contained a '%00' sequence.\n\nCVE-2018-1000121\n\nDario Weisser reported that curl might dereference a near-NULL address\nwhen getting an LDAP URL. A malicious server that sends a particularly\ncrafted response could made crash applications that allowed LDAP URL\nrelying on libcurl.\n\nCVE-2018-1000122\n\nOSS-fuzz and Max Dymond found that curl can be tricked into copying\ndata beyond the end of its heap based buffer when asked to transfer an\nRTSP URL. curl could calculate a wrong data length to copy from the\nread buffer. This could lead to information leakage or a denial of\nservice.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.26.0-1+wheezy25.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "title": "Debian DLA-1309-1 : curl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2018-03-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev"], "id": "DEBIAN_DLA-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/108416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1309-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108416);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n\n script_name(english:\"Debian DLA-1309-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in cURL, an URL transfer library :\n\nCVE-2018-1000120\n\nDuy Phan Thanh reported that curl could be fooled into writing a zero\nbyte out of bounds when curl was told to work on an FTP URL, with the\nsetting to only issue a single CWD command. The issue could be\ntriggered if the directory part of the URL contained a '%00' sequence.\n\nCVE-2018-1000121\n\nDario Weisser reported that curl might dereference a near-NULL address\nwhen getting an LDAP URL. A malicious server that sends a particularly\ncrafted response could made crash applications that allowed LDAP URL\nrelying on libcurl.\n\nCVE-2018-1000122\n\nOSS-fuzz and Max Dymond found that curl can be tricked into copying\ndata beyond the end of its heap based buffer when asked to transfer an\nRTSP URL. curl could calculate a wrong data length to copy from the\nread buffer. This could lead to information leakage or a denial of\nservice.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.26.0-1+wheezy25.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy25\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy25\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:21:04", "description": "- http2: mark the connection for close on GOAWAY\n\n - new upstream release (7.59.0)\n\n - FTP path trickery leads to NIL byte out of bounds write\n (CVE-2018-1000120)\n\n - LDAP NULL pointer dereference (CVE-2018-1000121)\n\n - RTSP RTP buffer over-read (CVE-2018-1000122)\n\n - ftp: fix typo in recursive callback detection for\n seeking\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : curl (2018-bc65ab5014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-BC65AB5014.NASL", "href": "https://www.tenable.com/plugins/nessus/120747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bc65ab5014.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120747);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_xref(name:\"FEDORA\", value:\"2018-bc65ab5014\");\n\n script_name(english:\"Fedora 28 : curl (2018-bc65ab5014)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- http2: mark the connection for close on GOAWAY\n\n - new upstream release (7.59.0)\n\n - FTP path trickery leads to NIL byte out of bounds write\n (CVE-2018-1000120)\n\n - LDAP NULL pointer dereference (CVE-2018-1000121)\n\n - RTSP RTP buffer over-read (CVE-2018-1000122)\n\n - ftp: fix typo in recursive callback detection for\n seeking\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc65ab5014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:46:44", "description": "Multiple vulnerabilities were discovered in cURL, an URL transfer\nlibrary.\n\n - CVE-2018-1000120\n Duy Phan Thanh discovered that curl could be fooled into\n writing a zero byte out of bounds when curl is told to\n work on an FTP URL with the setting to only issue a\n single CWD command, if the directory part of the URL\n contains a '%00' sequence.\n\n - CVE-2018-1000121\n Dario Weisser discovered that curl might dereference a\n near-NULL address when getting an LDAP URL due to the\n ldap_get_attribute_ber() function returning LDAP_SUCCESS\n and a NULL pointer. A malicious server might cause\n libcurl-using applications that allow LDAP URLs, or that\n allow redirects to LDAP URLs to crash.\n\n - CVE-2018-1000122\n OSS-fuzz, assisted by Max Dymond, discovered that curl\n could be tricked into copying data beyond the end of its\n heap based buffer when asked to transfer an RTSP URL.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-15T00:00:00", "title": "Debian DSA-4136-1 : curl - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4136.NASL", "href": "https://www.tenable.com/plugins/nessus/108345", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4136. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108345);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_xref(name:\"DSA\", value:\"4136\");\n\n script_name(english:\"Debian DSA-4136-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in cURL, an URL transfer\nlibrary.\n\n - CVE-2018-1000120\n Duy Phan Thanh discovered that curl could be fooled into\n writing a zero byte out of bounds when curl is told to\n work on an FTP URL with the setting to only issue a\n single CWD command, if the directory part of the URL\n contains a '%00' sequence.\n\n - CVE-2018-1000121\n Dario Weisser discovered that curl might dereference a\n near-NULL address when getting an LDAP URL due to the\n ldap_get_attribute_ber() function returning LDAP_SUCCESS\n and a NULL pointer. A malicious server might cause\n libcurl-using applications that allow LDAP URLs, or that\n allow redirects to LDAP URLs to crash.\n\n - CVE-2018-1000122\n OSS-fuzz, assisted by Max Dymond, discovered that curl\n could be tricked into copying data beyond the end of its\n heap based buffer when asked to transfer an RTSP URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "description": "USN-3598-1 fixed a vulnerability in curl. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nPhan Thanh discovered that curl incorrectly handled certain FTP paths. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2018-1000120)\n\nDario Weisser discovered that curl incorrectly handled certain LDAP URLs. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-1000121)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP data. An \nattacker could possibly use this to cause a denial of service or even to \nget access to sensitive data. (CVE-2018-1000122)\n\nMax Dymond discovered that curl incorrectly handled certain RTSP responses. \nIf a user or automated system were tricked into connecting to a malicious \nserver, a remote attacker could use this issue to cause curl to crash, \nresulting in a denial of service, or possibly obtain sensitive information. \n(CVE-2018-1000301)", "edition": 6, "modified": "2018-05-24T00:00:00", "published": "2018-05-24T00:00:00", "id": "USN-3598-2", "href": "https://ubuntu.com/security/notices/USN-3598-2", "title": "curl vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-04-08T19:09:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000007", "CVE-2018-1000005"], "description": "### Background\n\nA command line tool and library for transferring data with URLs.\n\n### Description\n\nMultiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cURL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.59.0\"", "edition": 1, "modified": "2018-04-08T00:00:00", "published": "2018-04-08T00:00:00", "href": "https://security.gentoo.org/glsa/201804-04", "id": "GLSA-201804-04", "type": "gentoo", "title": "cURL: Multiple vulnerabilities", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nThe nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.\n\nSecurity Fix(es):\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2018-10-30T09:23:38", "published": "2018-10-30T08:24:21", "id": "RHSA-2018:3157", "href": "https://access.redhat.com/errata/RHSA-2018:3157", "type": "redhat", "title": "(RHSA-2018:3157) Moderate: curl and nss-pem security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-25T13:42:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-02-25T16:49:30", "published": "2020-02-25T16:32:48", "id": "RHSA-2020:0594", "href": "https://access.redhat.com/errata/RHSA-2020:0594", "type": "redhat", "title": "(RHSA-2020:0594) Moderate: curl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-18T15:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-02-18T19:15:53", "published": "2020-02-18T18:56:21", "id": "RHSA-2020:0544", "href": "https://access.redhat.com/errata/RHSA-2020:0544", "type": "redhat", "title": "(RHSA-2020:0544) Moderate: curl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T05:42:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0495", "CVE-2018-0732", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-14404", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2019-0211", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5436"], "description": "This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)\n\n* libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service (CVE-2018-14404)\n\n* curl: Out-of-bounds read in code handling HTTP/2 trailers (CVE-2018-1000005)\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* httpd: privilege escalation from modules scripts (CVE-2019-0211)\n\nDetails around these issues, including information about CVEs, severity of the issues, and CVSS scores can be found on the CVE pages listed in the References section below.", "modified": "2020-05-08T08:58:47", "published": "2019-06-18T23:07:29", "id": "RHSA-2019:1543", "href": "https://access.redhat.com/errata/RHSA-2019:1543", "type": "redhat", "title": "(RHSA-2019:1543) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-7407", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333", "CVE-2018-14618"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)\n\nSecurity Fix(es):\n\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)\n\n* httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)\n\n* httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n\n* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)\n\n* httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n\n* curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nBug Fix(es):\n\n* Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)\n\nEnhancement(s):\n\n* This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.", "modified": "2018-11-13T13:04:35", "published": "2018-11-13T13:00:33", "id": "RHSA-2018:3558", "href": "https://access.redhat.com/errata/RHSA-2018:3558", "type": "redhat", "title": "(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:14:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000007", "CVE-2018-1000301"], "description": "curl\n[7.29.0-51]\n- require a new enough version of nss-pem to avoid regression in yum (#1610998)\n[7.29.0-50]\n- remove dead code, detected by Coverity Analysis\n- remove unused variable, detected by GCC and Clang\n[7.29.0-49]\n- make curl --speed-limit work with TFTP (#1584750)\n[7.29.0-48]\n- fix RTSP bad headers buffer over-read (CVE-2018-1000301)\n- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n- fix LDAP NULL pointer dereference (CVE-2018-1000121)\n- fix RTSP RTP buffer over-read (CVE-2018-1000122)\n- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)\n- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)\n- update certificates in the test-suite because they expire soon (#1572723)\n[7.29.0-47]\n- make NSS deallocate PKCS #11 objects early enough (#1510247)\nnss-pem\n[1.0.3-5]\n- update object ID while reusing a certificate (#1610998)", "edition": 3, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3157", "href": "http://linux.oracle.com/errata/ELSA-2018-3157.html", "title": "curl and nss-pem security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000007", "CVE-2018-1000301"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3157\n\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nThe nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.\n\nSecurity Fix(es):\n\n* curl: HTTP authentication leak in redirects (CVE-2018-1000007)\n\n* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)\n\n* curl: RTSP RTP buffer over-read (CVE-2018-1000122)\n\n* curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)\n\n* curl: LDAP NULL pointer dereference (CVE-2018-1000121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005353.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005580.html\n\n**Affected packages:**\ncurl\nlibcurl\nlibcurl-devel\nnss-pem\n\n**Upstream details at:**\n", "edition": 82, "modified": "2018-11-15T18:50:29", "published": "2018-11-15T18:44:09", "id": "CESA-2018:3157", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005353.html", "title": "curl, libcurl, nss security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-10-04T21:15:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0114", "CVE-2015-0852", "CVE-2015-1832", "CVE-2015-4760", "CVE-2015-7940", "CVE-2015-8965", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-4000", "CVE-2016-5684", "CVE-2016-6814", "CVE-2016-9389", "CVE-2016-9392", "CVE-2016-9583", "CVE-2017-0379", "CVE-2017-13745", "CVE-2017-14229", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-7525", "CVE-2017-7658", "CVE-2017-9526", "CVE-2017-9798", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-10933", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11212", "CVE-2018-11307", "CVE-2018-11763", "CVE-2018-11775", "CVE-2018-11776", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1313", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-3125", "CVE-2018-3147", "CVE-2018-3246", "CVE-2018-3303", "CVE-2018-3304", "CVE-2018-3305", "CVE-2018-3309", "CVE-2018-3311", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5390", "CVE-2018-5407", "CVE-2018-6922", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-9206", "CVE-2019-2395", "CVE-2019-2396", "CVE-2019-2397", "CVE-2019-2398", "CVE-2019-2399", "CVE-2019-2400", "CVE-2019-2401", "CVE-2019-2402", "CVE-2019-2403", "CVE-2019-2404", "CVE-2019-2405", "CVE-2019-2406", "CVE-2019-2407", "CVE-2019-2408", "CVE-2019-2409", "CVE-2019-2410", "CVE-2019-2411", "CVE-2019-2412", "CVE-2019-2413", "CVE-2019-2414", "CVE-2019-2415", "CVE-2019-2416", "CVE-2019-2417", "CVE-2019-2418", "CVE-2019-2419", "CVE-2019-2420", "CVE-2019-2421", "CVE-2019-2422", "CVE-2019-2423", "CVE-2019-2425", "CVE-2019-2426", "CVE-2019-2427", "CVE-2019-2429", "CVE-2019-2430", "CVE-2019-2431", "CVE-2019-2432", "CVE-2019-2433", "CVE-2019-2434", "CVE-2019-2435", "CVE-2019-2436", "CVE-2019-2437", "CVE-2019-2438", "CVE-2019-2439", "CVE-2019-2440", "CVE-2019-2441", "CVE-2019-2442", "CVE-2019-2443", "CVE-2019-2444", "CVE-2019-2445", "CVE-2019-2446", "CVE-2019-2447", "CVE-2019-2448", "CVE-2019-2449", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2452", "CVE-2019-2453", "CVE-2019-2455", "CVE-2019-2456", "CVE-2019-2457", "CVE-2019-2458", "CVE-2019-2459", "CVE-2019-2460", "CVE-2019-2461", "CVE-2019-2462", "CVE-2019-2463", "CVE-2019-2464", "CVE-2019-2465", "CVE-2019-2466", "CVE-2019-2467", "CVE-2019-2468", "CVE-2019-2469", "CVE-2019-2470", "CVE-2019-2471", "CVE-2019-2472", "CVE-2019-2473", "CVE-2019-2474", "CVE-2019-2475", "CVE-2019-2476", "CVE-2019-2477", "CVE-2019-2478", "CVE-2019-2479", "CVE-2019-2480", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2485", "CVE-2019-2486", "CVE-2019-2487", "CVE-2019-2488", "CVE-2019-2489", "CVE-2019-2490", "CVE-2019-2491", "CVE-2019-2492", "CVE-2019-2493", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2496", "CVE-2019-2497", "CVE-2019-2498", "CVE-2019-2499", "CVE-2019-2500", "CVE-2019-2501", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2504", "CVE-2019-2505", "CVE-2019-2506", "CVE-2019-2507", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2510", "CVE-2019-2511", "CVE-2019-2512", "CVE-2019-2513", "CVE-2019-2519", "CVE-2019-2520", "CVE-2019-2521", "CVE-2019-2522", "CVE-2019-2523", "CVE-2019-2524", "CVE-2019-2525", "CVE-2019-2526", "CVE-2019-2527", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2538", "CVE-2019-2539", "CVE-2019-2540", "CVE-2019-2541", "CVE-2019-2543", "CVE-2019-2544", "CVE-2019-2545", "CVE-2019-2546", "CVE-2019-2547", "CVE-2019-2548", "CVE-2019-2549", "CVE-2019-2550", "CVE-2019-2552", "CVE-2019-2553", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 284 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at January 2019 Critical Patch Update: Executive Summary and Analysis.\n", "modified": "2020-02-13T00:00:00", "published": "2019-01-15T00:00:00", "id": "ORACLE:CPUJAN2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:54", "bulletinFamily": "software", "cvelist": ["CVE-2019-2520", "CVE-2019-2509", "CVE-2015-9251", "CVE-2019-2451", "CVE-2017-9798", "CVE-2019-2488", "CVE-2019-2395", "CVE-2019-2470", "CVE-2015-8965", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2444", "CVE-2018-1000180", "CVE-2019-2427", "CVE-2019-2501", "CVE-2019-2400", "CVE-2019-2529", "CVE-2019-2412", "CVE-2019-2525", "CVE-2019-2532", "CVE-2018-3311", "CVE-2019-2512", "CVE-2019-2471", "CVE-2019-2521", "CVE-2018-9206", "CVE-2019-2419", "CVE-2018-1275", "CVE-2019-2496", "CVE-2018-7489", "CVE-2019-2416", "CVE-2019-2474", "CVE-2019-2494", "CVE-2018-0734", "CVE-2019-2460", "CVE-2019-2531", "CVE-2018-5407", "CVE-2019-2437", "CVE-2017-3735", "CVE-2017-7658", "CVE-2019-2489", "CVE-2019-2448", "CVE-2019-2439", "CVE-2018-1271", "CVE-2019-2490", "CVE-2019-2447", "CVE-2018-14719", "CVE-2019-2547", "CVE-2019-2553", "CVE-2018-3246", "CVE-2019-2528", "CVE-2018-1000121", "CVE-2019-2423", "CVE-2019-2549", "CVE-2018-11039", "CVE-2019-2434", "CVE-2019-2541", "CVE-2019-2410", "CVE-2019-2449", "CVE-2018-11307", "CVE-2019-2543", "CVE-2019-2425", "CVE-2019-2544", "CVE-2018-3304", "CVE-2018-14720", "CVE-2015-1832", "CVE-2019-2445", "CVE-2018-10933", "CVE-2019-2506", "CVE-2016-0635", "CVE-2019-2466", "CVE-2019-2438", "CVE-2019-2546", "CVE-2019-2407", "CVE-2019-2417", "CVE-2019-2511", "CVE-2019-2486", "CVE-2018-14718", "CVE-2019-2482", "CVE-2019-2402", "CVE-2019-2406", "CVE-2018-12022", "CVE-2019-2456", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2530", "CVE-2015-0852", "CVE-2019-2396", "CVE-2019-2554", "CVE-2018-1000122", "CVE-2019-2465", "CVE-2019-2415", "CVE-2018-3303", "CVE-2019-2472", "CVE-2019-2399", "CVE-2019-2519", "CVE-2019-2497", "CVE-2019-2452", "CVE-2017-9526", "CVE-2019-2513", "CVE-2019-2414", "CVE-2019-2420", "CVE-2018-11776", "CVE-2018-3646", "CVE-2018-11775", "CVE-2018-0735", "CVE-2019-2493", "CVE-2019-2527", "CVE-2019-2479", "CVE-2018-1257", "CVE-2019-2473", "CVE-2019-2536", "CVE-2019-2461", "CVE-2018-14721", "CVE-2019-2552", "CVE-2018-1000300", "CVE-2019-2537", "CVE-2019-2504", "CVE-2019-2477", "CVE-2018-11212", "CVE-2019-2397", "CVE-2014-0114", "CVE-2019-2523", "CVE-2019-2443", "CVE-2019-2421", "CVE-2019-2485", "CVE-2019-2442", "CVE-2019-2401", "CVE-2018-0739", "CVE-2019-2539", "CVE-2019-2426", "CVE-2019-2462", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2491", "CVE-2019-2510", "CVE-2019-2411", "CVE-2019-2502", "CVE-2018-1313", "CVE-2018-1000613", "CVE-2019-2535", "CVE-2018-8013", "CVE-2019-2432", "CVE-2019-2487", "CVE-2016-9583", "CVE-2019-2463", "CVE-2019-2469", "CVE-2018-1272", "CVE-2017-7525", "CVE-2019-2545", "CVE-2019-2538", "CVE-2019-2500", "CVE-2019-2398", "CVE-2019-2453", "CVE-2018-3147", "CVE-2019-2498", "CVE-2018-1270", "CVE-2017-13745", "CVE-2019-2555", "CVE-2019-2413", "CVE-2016-9389", "CVE-2018-11763", "CVE-2019-2476", "CVE-2018-0733", "CVE-2019-2404", "CVE-2016-5684", "CVE-2016-1181", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2548", "CVE-2019-2507", "CVE-2019-2409", "CVE-2019-2533", "CVE-2018-1000632", "CVE-2019-2503", "CVE-2019-2464", "CVE-2019-2435", "CVE-2018-3309", "CVE-2016-9392", "CVE-2019-2522", "CVE-2018-11784", "CVE-2019-2431", "CVE-2017-5645", "CVE-2019-2405", "CVE-2019-2450", "CVE-2019-2478", "CVE-2019-2429", "CVE-2019-2540", "CVE-2019-2467", "CVE-2018-6922", "CVE-2018-5390", "CVE-2015-7940", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2524", "CVE-2019-2556", "CVE-2017-0379", "CVE-2019-2495", "CVE-2019-2480", "CVE-2019-2418", "CVE-2018-0737", "CVE-2019-2433", "CVE-2019-2468", "CVE-2019-2457", "CVE-2019-2526", "CVE-2019-2440", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2508", "CVE-2019-2422", "CVE-2019-2550", "CVE-2018-3125", "CVE-2016-6814", "CVE-2017-14229", "CVE-2019-2459", "CVE-2016-1000031", "CVE-2019-2481", "CVE-2018-3639", "CVE-2019-2408", "CVE-2019-2446", "CVE-2018-1000301", "CVE-2018-12023", "CVE-2018-3305", "CVE-2015-4760", "CVE-2019-2458", "CVE-2019-2505", "CVE-2019-2430", "CVE-2019-2492", "CVE-2019-2441", "CVE-2019-2403", "CVE-2019-2475", "CVE-2019-2499", "CVE-2019-2455"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 284 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2489117.1>).\n", "modified": "2019-04-18T00:00:00", "published": "2019-01-15T00:00:00", "id": "ORACLE:CPUJAN2019-5072801", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:19", "bulletinFamily": "software", "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", "CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", "CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "modified": "2020-10-12T00:00:00", "published": "2019-07-16T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-16T16:32:12", "bulletinFamily": "software", "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", "CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", "CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", "CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", "CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: [ CVE-2019-2725 (April 29, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html>) and [ CVE-2019-2729 (June 18, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html>). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "modified": "2019-08-16T00:00:00", "published": "2019-07-16T00:00:00", "id": "ORACLE:CPUJUL2019-5072835", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2018-3170", "CVE-2018-3157", "CVE-2018-3138", "CVE-2018-3254", "CVE-2017-5533", "CVE-2018-3204", "CVE-2018-3141", "CVE-2017-7407", "CVE-2015-9251", "CVE-2016-8620", "CVE-2017-9798", "CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-5244", "CVE-2018-0732", "CVE-2018-3183", "CVE-2015-0235", "CVE-2016-5420", "CVE-2018-3274", "CVE-2018-3271", "CVE-2018-1304", "CVE-2018-3297", "CVE-2018-3130", "CVE-2016-9840", "CVE-2018-3184", "CVE-2018-3227", "CVE-2018-3231", "CVE-2016-8615", "CVE-2016-8616", "CVE-2018-3188", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2018-3154", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2018-3189", "CVE-2018-1275", "CVE-2018-14048", "CVE-2018-3301", "CVE-2018-3294", "CVE-2018-3129", "CVE-2018-7489", "CVE-2018-3287", "CVE-2018-3180", "CVE-2018-3257", "CVE-2018-3280", "CVE-2018-3293", "CVE-2018-3247", "CVE-2018-3239", "CVE-2018-2911", "CVE-2018-3270", "CVE-2018-3249", "CVE-2018-3259", "CVE-2018-3167", "CVE-2018-3236", "CVE-2018-3292", "CVE-2017-3735", "CVE-2018-2912", "CVE-2018-3175", "CVE-2018-3250", "CVE-2014-0014", "CVE-2018-3299", "CVE-2018-1271", "CVE-2016-5080", "CVE-2018-3256", "CVE-2018-3136", "CVE-2018-3246", "CVE-2018-3152", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2018-3285", "CVE-2018-3115", "CVE-2018-3263", "CVE-2018-11039", "CVE-2018-3282", "CVE-2018-3218", "CVE-2018-3150", "CVE-2018-3145", "CVE-2018-3132", "CVE-2018-3190", "CVE-2016-7141", "CVE-2018-3220", "CVE-2018-11307", "CVE-2018-3133", "CVE-2018-2889", "CVE-2018-3128", "CVE-2018-3214", "CVE-2018-3182", "CVE-2018-3211", "CVE-2018-3210", "CVE-2016-0729", "CVE-2018-3233", "CVE-2018-3209", "CVE-2018-3131", "CVE-2018-3302", "CVE-2016-0635", "CVE-2016-0755", "CVE-2016-2107", "CVE-2018-3267", "CVE-2018-3261", "CVE-2015-7501", "CVE-2018-3219", "CVE-2018-3291", "CVE-2018-3244", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3193", "CVE-2018-3144", "CVE-2018-3206", "CVE-2018-3298", "CVE-2016-8617", "CVE-2016-9842", "CVE-2018-12022", "CVE-2018-3212", "CVE-2018-8014", "CVE-2016-1182", "CVE-2015-3153", "CVE-2018-1258", "CVE-2018-3234", "CVE-2018-3255", "CVE-2018-3226", "CVE-2018-1000122", "CVE-2018-3173", "CVE-2018-3215", "CVE-2018-3248", "CVE-2018-1305", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2018-3241", "CVE-2018-3228", "CVE-2018-11776", "CVE-2018-3122", "CVE-2018-13785", "CVE-2018-3011", "CVE-2018-3139", "CVE-2017-7805", "CVE-2018-3223", "CVE-2018-3205", "CVE-2018-3230", "CVE-2018-1257", "CVE-2018-3213", "CVE-2017-5715", "CVE-2018-3161", "CVE-2018-3290", "CVE-2018-3201", "CVE-2018-1000300", "CVE-2018-3251", "CVE-2018-3225", "CVE-2018-2902", "CVE-2018-3163", "CVE-2015-3144", "CVE-2018-2887", "CVE-2014-0114", "CVE-2018-3179", "CVE-2018-3262", "CVE-2018-3237", "CVE-2018-0739", "CVE-2018-3222", "CVE-2018-3155", "CVE-2015-0252", "CVE-2018-3253", "CVE-2018-3126", "CVE-2018-8034", "CVE-2018-3127", "CVE-2018-3221", "CVE-2018-3059", "CVE-2015-3237", "CVE-2018-3279", "CVE-2018-3151", "CVE-2018-2909", "CVE-2018-3245", "CVE-2018-3252", "CVE-2018-3284", "CVE-2018-8013", "CVE-2018-3235", "CVE-2016-8622", "CVE-2018-3275", "CVE-2015-7990", "CVE-2018-3162", "CVE-2018-3197", "CVE-2018-1272", "CVE-2018-3278", "CVE-2018-3186", "CVE-2017-7525", "CVE-2018-3159", "CVE-2018-3171", "CVE-2018-3296", "CVE-2018-3194", "CVE-2018-3217", "CVE-2018-3273", "CVE-2018-3178", "CVE-2018-3147", "CVE-2018-3288", "CVE-2018-1270", "CVE-2014-7817", "CVE-2018-3191", "CVE-2018-18224", "CVE-2012-1007", "CVE-2018-3143", "CVE-2016-8624", "CVE-2018-0733", "CVE-2016-1181", "CVE-2018-3281", "CVE-2018-2971", "CVE-2016-3739", "CVE-2018-3146", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3208", "CVE-2017-14735", "CVE-2015-3145", "CVE-2017-3738", "CVE-2018-3172", "CVE-2018-3164", "CVE-2018-3176", "CVE-2018-3169", "CVE-2018-3160", "CVE-2018-3149", "CVE-2014-3490", "CVE-2018-3185", "CVE-2018-3232", "CVE-2018-3264", "CVE-2018-8037", "CVE-2018-3258", "CVE-2017-5645", "CVE-2016-5421", "CVE-2016-9586", "CVE-2018-3272", "CVE-2018-3142", "CVE-2018-3295", "CVE-2018-2914", "CVE-2018-3192", "CVE-2018-3153", "CVE-2018-3283", "CVE-2017-5529", "CVE-2018-3269", "CVE-2016-9841", "CVE-2018-3196", "CVE-2016-4000", "CVE-2018-3289", "CVE-2018-3229", "CVE-2017-3736", "CVE-2018-3286", "CVE-2018-3177", "CVE-2018-3243", "CVE-2018-3242", "CVE-2018-3148", "CVE-2018-3181", "CVE-2018-18223", "CVE-2018-0737", "CVE-2018-3268", "CVE-2018-3200", "CVE-2016-5419", "CVE-2018-3195", "CVE-2017-15095", "CVE-2016-7167", "CVE-2018-11040", "CVE-2018-3198", "CVE-2018-3166", "CVE-2016-6814", "CVE-2018-3202", "CVE-2016-1000031", "CVE-2018-3158", "CVE-2018-1000301", "CVE-2018-3238", "CVE-2018-3134", "CVE-2018-12023", "CVE-2018-3224", "CVE-2018-3165", "CVE-2016-8621", "CVE-2018-3135", "CVE-2018-3168", "CVE-2015-6937", "CVE-2018-2922", "CVE-2018-3140", "CVE-2018-2913", "CVE-2018-3207"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018-4428296", "href": "", "type": "oracle", "title": "CPU Oct 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2012-1007", "CVE-2014-0014", "CVE-2014-0114", "CVE-2014-3490", "CVE-2014-7817", "CVE-2015-0235", "CVE-2015-0252", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3153", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-6937", "CVE-2015-7501", "CVE-2015-7990", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-0729", "CVE-2016-0755", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-3739", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-5080", "CVE-2016-5244", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6814", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-9586", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5715", "CVE-2017-7407", "CVE-2017-7525", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11307", "CVE-2018-11776", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-13785", "CVE-2018-14048", "CVE-2018-18223", "CVE-2018-18224", "CVE-2018-2887", "CVE-2018-2889", "CVE-2018-2902", "CVE-2018-2909", "CVE-2018-2911", "CVE-2018-2912", "CVE-2018-2913", "CVE-2018-2914", "CVE-2018-2922", "CVE-2018-2971", "CVE-2018-3011", "CVE-2018-3059", "CVE-2018-3115", "CVE-2018-3122", "CVE-2018-3126", "CVE-2018-3127", "CVE-2018-3128", "CVE-2018-3129", "CVE-2018-3130", "CVE-2018-3131", "CVE-2018-3132", "CVE-2018-3133", "CVE-2018-3134", "CVE-2018-3135", "CVE-2018-3136", "CVE-2018-3137", "CVE-2018-3138", "CVE-2018-3139", "CVE-2018-3140", "CVE-2018-3141", "CVE-2018-3142", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3146", "CVE-2018-3147", "CVE-2018-3148", "CVE-2018-3149", "CVE-2018-3150", "CVE-2018-3151", "CVE-2018-3152", "CVE-2018-3153", "CVE-2018-3154", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3157", "CVE-2018-3158", "CVE-2018-3159", "CVE-2018-3160", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3163", "CVE-2018-3164", "CVE-2018-3165", "CVE-2018-3166", "CVE-2018-3167", "CVE-2018-3168", "CVE-2018-3169", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3172", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3175", "CVE-2018-3176", "CVE-2018-3177", "CVE-2018-3178", "CVE-2018-3179", "CVE-2018-3180", "CVE-2018-3181", "CVE-2018-3182", "CVE-2018-3183", "CVE-2018-3184", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3188", "CVE-2018-3189", "CVE-2018-3190", "CVE-2018-3191", "CVE-2018-3192", "CVE-2018-3193", "CVE-2018-3194", "CVE-2018-3195", "CVE-2018-3196", "CVE-2018-3197", "CVE-2018-3198", "CVE-2018-3200", "CVE-2018-3201", "CVE-2018-3202", "CVE-2018-3203", "CVE-2018-3204", "CVE-2018-3205", "CVE-2018-3206", "CVE-2018-3207", "CVE-2018-3208", "CVE-2018-3209", "CVE-2018-3210", "CVE-2018-3211", "CVE-2018-3212", "CVE-2018-3213", "CVE-2018-3214", "CVE-2018-3215", "CVE-2018-3217", "CVE-2018-3218", "CVE-2018-3219", "CVE-2018-3220", "CVE-2018-3221", "CVE-2018-3222", "CVE-2018-3223", "CVE-2018-3224", "CVE-2018-3225", "CVE-2018-3226", "CVE-2018-3227", "CVE-2018-3228", "CVE-2018-3229", "CVE-2018-3230", "CVE-2018-3231", "CVE-2018-3232", "CVE-2018-3233", "CVE-2018-3234", "CVE-2018-3235", "CVE-2018-3236", "CVE-2018-3237", "CVE-2018-3238", "CVE-2018-3239", "CVE-2018-3241", "CVE-2018-3242", "CVE-2018-3243", "CVE-2018-3244", "CVE-2018-3245", "CVE-2018-3246", "CVE-2018-3247", "CVE-2018-3248", "CVE-2018-3249", "CVE-2018-3250", "CVE-2018-3251", "CVE-2018-3252", "CVE-2018-3253", "CVE-2018-3254", "CVE-2018-3255", "CVE-2018-3256", "CVE-2018-3257", "CVE-2018-3258", "CVE-2018-3259", "CVE-2018-3261", "CVE-2018-3262", "CVE-2018-3263", "CVE-2018-3264", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3267", "CVE-2018-3268", "CVE-2018-3269", "CVE-2018-3270", "CVE-2018-3271", "CVE-2018-3272", "CVE-2018-3273", "CVE-2018-3274", "CVE-2018-3275", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3281", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2018-3287", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2018-3299", "CVE-2018-3301", "CVE-2018-3302", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8014", "CVE-2018-8034", "CVE-2018-8037"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:58", "bulletinFamily": "software", "cvelist": ["CVE-2011-4461", "CVE-2014-0114", "CVE-2014-0230", "CVE-2014-2532", "CVE-2014-3577", "CVE-2014-7810", "CVE-2014-8157", "CVE-2014-9029", "CVE-2014-9746", "CVE-2015-0204", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-5174", "CVE-2015-5262", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2015-5600", "CVE-2015-6420", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0718", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2099", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-4055", "CVE-2016-4463", "CVE-2016-5019", "CVE-2016-5195", "CVE-2016-5300", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8735", "CVE-2016-9841", "CVE-2016-9843", "CVE-2016-9878", "CVE-2017-0379", "CVE-2017-0785", "CVE-2017-10989", "CVE-2017-12617", "CVE-2017-13088", "CVE-2017-13218", "CVE-2017-15095", "CVE-2017-15707", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3732", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-6074", "CVE-2017-7525", "CVE-2017-9526", "CVE-2017-9798", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-1171", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1313", "CVE-2018-1327", "CVE-2018-2598", "CVE-2018-2767", "CVE-2018-2881", "CVE-2018-2882", "CVE-2018-2888", "CVE-2018-2891", "CVE-2018-2892", "CVE-2018-2893", "CVE-2018-2894", "CVE-2018-2895", "CVE-2018-2896", "CVE-2018-2897", "CVE-2018-2898", "CVE-2018-2899", "CVE-2018-2900", "CVE-2018-2901", "CVE-2018-2903", "CVE-2018-2904", "CVE-2018-2905", "CVE-2018-2906", "CVE-2018-2907", "CVE-2018-2908", "CVE-2018-2915", "CVE-2018-2916", "CVE-2018-2917", "CVE-2018-2918", "CVE-2018-2919", "CVE-2018-2920", "CVE-2018-2921", "CVE-2018-2923", "CVE-2018-2924", "CVE-2018-2925", "CVE-2018-2926", "CVE-2018-2927", "CVE-2018-2928", "CVE-2018-2929", "CVE-2018-2930", "CVE-2018-2932", "CVE-2018-2933", "CVE-2018-2934", "CVE-2018-2935", "CVE-2018-2936", "CVE-2018-2937", "CVE-2018-2938", "CVE-2018-2939", "CVE-2018-2940", "CVE-2018-2941", "CVE-2018-2942", "CVE-2018-2943", "CVE-2018-2944", "CVE-2018-2945", "CVE-2018-2946", "CVE-2018-2947", "CVE-2018-2948", "CVE-2018-2949", "CVE-2018-2950", "CVE-2018-2951", "CVE-2018-2952", "CVE-2018-2953", "CVE-2018-2954", "CVE-2018-2955", "CVE-2018-2956", "CVE-2018-2957", "CVE-2018-2958", "CVE-2018-2959", "CVE-2018-2960", "CVE-2018-2961", "CVE-2018-2962", "CVE-2018-2963", "CVE-2018-2964", "CVE-2018-2965", "CVE-2018-2966", "CVE-2018-2967", "CVE-2018-2968", "CVE-2018-2969", "CVE-2018-2970", "CVE-2018-2972", "CVE-2018-2973", "CVE-2018-2974", "CVE-2018-2975", "CVE-2018-2976", "CVE-2018-2977", "CVE-2018-2978", "CVE-2018-2979", "CVE-2018-2980", "CVE-2018-2981", "CVE-2018-2982", "CVE-2018-2984", "CVE-2018-2985", "CVE-2018-2986", "CVE-2018-2987", "CVE-2018-2988", "CVE-2018-2989", "CVE-2018-2990", "CVE-2018-2991", "CVE-2018-2992", "CVE-2018-2993", "CVE-2018-2994", "CVE-2018-2995", "CVE-2018-2996", "CVE-2018-2997", "CVE-2018-2998", "CVE-2018-2999", "CVE-2018-3000", "CVE-2018-3001", "CVE-2018-3002", "CVE-2018-3003", "CVE-2018-3004", "CVE-2018-3005", "CVE-2018-3006", "CVE-2018-3007", "CVE-2018-3008", "CVE-2018-3009", "CVE-2018-3010", "CVE-2018-3012", "CVE-2018-3013", "CVE-2018-3014", "CVE-2018-3015", "CVE-2018-3016", "CVE-2018-3017", "CVE-2018-3018", "CVE-2018-3019", "CVE-2018-3020", "CVE-2018-3021", "CVE-2018-3022", "CVE-2018-3023", "CVE-2018-3024", "CVE-2018-3025", "CVE-2018-3026", "CVE-2018-3027", "CVE-2018-3028", "CVE-2018-3029", "CVE-2018-3030", "CVE-2018-3031", "CVE-2018-3032", "CVE-2018-3033", "CVE-2018-3034", "CVE-2018-3035", "CVE-2018-3036", "CVE-2018-3037", "CVE-2018-3038", "CVE-2018-3039", "CVE-2018-3040", "CVE-2018-3041", "CVE-2018-3042", "CVE-2018-3043", "CVE-2018-3044", "CVE-2018-3045", "CVE-2018-3046", "CVE-2018-3047", "CVE-2018-3048", "CVE-2018-3049", "CVE-2018-3050", "CVE-2018-3051", "CVE-2018-3052", "CVE-2018-3053", "CVE-2018-3054", "CVE-2018-3055", "CVE-2018-3056", "CVE-2018-3057", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3061", "CVE-2018-3062", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3065", "CVE-2018-3066", "CVE-2018-3067", "CVE-2018-3068", "CVE-2018-3069", "CVE-2018-3070", "CVE-2018-3071", "CVE-2018-3072", "CVE-2018-3073", "CVE-2018-3074", "CVE-2018-3075", "CVE-2018-3076", "CVE-2018-3077", "CVE-2018-3078", "CVE-2018-3079", "CVE-2018-3080", "CVE-2018-3081", "CVE-2018-3082", "CVE-2018-3084", "CVE-2018-3085", "CVE-2018-3086", "CVE-2018-3087", "CVE-2018-3088", "CVE-2018-3089", "CVE-2018-3090", "CVE-2018-3091", "CVE-2018-3092", "CVE-2018-3093", "CVE-2018-3094", "CVE-2018-3095", "CVE-2018-3096", "CVE-2018-3097", "CVE-2018-3098", "CVE-2018-3099", "CVE-2018-3100", "CVE-2018-3101", "CVE-2018-3102", "CVE-2018-3103", "CVE-2018-3104", "CVE-2018-3105", "CVE-2018-3108", "CVE-2018-3109", "CVE-2018-3639", "CVE-2018-3640", "CVE-2018-7489", "CVE-2018-8013"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: \n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 334 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2420273.1>).\n\nMany industry experts anticipate that exploits leveraging known flaws in modern processor designs will continue to be disclosed for the foreseeable future (i.e., \u201cSpectre\u201d variants). For information related to these issues, please refer to:\n\n * the January 2018 Critical Patch Update (and later) Advisories,\n * the \"Addendum to the January 2018 Critical Patch Update Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754)\" ([Doc ID 2347948.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>)), and\n * \"Information about processor vulnerabilities CVE-2018-3640 (\"Spectre v3a\") and CVE-2018-3639 (\"Spectre v4\")\" ([Doc ID 2399123.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2399123.1>)).\n", "modified": "2018-10-12T00:00:00", "published": "2018-07-17T00:00:00", "id": "ORACLE:CPUJUL2018", "href": "", "type": "oracle", "title": "CPU July 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:50", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600", "CVE-2018-3010", "CVE-2017-5533", "CVE-2018-3004", "CVE-2015-5351", "CVE-2018-3091", "CVE-2018-3021", "CVE-2017-13218", "CVE-2017-9798", "CVE-2018-3109", "CVE-2018-2935", "CVE-2018-1000120", "CVE-2018-2948", "CVE-2018-3019", "CVE-2011-4461", "CVE-2018-2984", "CVE-2016-7103", "CVE-2017-5753", "CVE-2018-2893", "CVE-2018-2917", "CVE-2018-2981", "CVE-2017-10989", "CVE-2017-5754", "CVE-2018-3098", "CVE-2018-2965", "CVE-2018-3029", "CVE-2018-3072", "CVE-2018-1304", "CVE-2018-2969", "CVE-2018-2955", "CVE-2018-3104", "CVE-2018-3079", "CVE-2018-2906", "CVE-2018-3048", "CVE-2015-6420", "CVE-2018-2988", "CVE-2018-2944", "CVE-2018-3093", "CVE-2018-2881", "CVE-2015-3415", "CVE-2018-3055", "CVE-2017-6074", "CVE-2018-3050", "CVE-2016-5019", "CVE-2018-3027", "CVE-2018-3025", "CVE-2018-2951", "CVE-2018-3046", "CVE-2018-1275", "CVE-2018-2990", "CVE-2018-7489", "CVE-2018-2980", "CVE-2018-3069", "CVE-2018-2894", "CVE-2018-2954", "CVE-2018-3053", "CVE-2018-2953", "CVE-2018-2938", "CVE-2016-4055", "CVE-2018-3008", "CVE-2016-9878", "CVE-2017-3735", "CVE-2018-2973", "CVE-2015-5262", "CVE-2018-3009", "CVE-2014-0230", "CVE-2018-2947", "CVE-2018-1271", "CVE-2018-3015", "CVE-2018-3096", "CVE-2018-2989", "CVE-2018-2897", "CVE-2018-2961", "CVE-2018-2920", "CVE-2018-3006", "CVE-2018-1000121", "CVE-2016-0714", "CVE-2018-2994", "CVE-2016-3092", "CVE-2018-3043", "CVE-2018-2937", "CVE-2018-2924", "CVE-2018-2966", "CVE-2017-3652", "CVE-2016-5300", "CVE-2018-3031", "CVE-2018-2908", "CVE-2018-1171", "CVE-2018-3100", "CVE-2017-3648", "CVE-2014-9746", "CVE-2018-2992", "CVE-2015-5345", "CVE-2018-3002", "CVE-2018-2942", "CVE-2018-3061", "CVE-2018-3075", "CVE-2016-2105", "CVE-2018-2998", "CVE-2014-3577", "CVE-2018-2956", "CVE-2018-2975", "CVE-2016-2107", "CVE-2016-4463", "CVE-2018-3044", "CVE-2015-7501", "CVE-2018-2976", "CVE-2018-2999", "CVE-2017-3649", "CVE-2018-3101", "CVE-2018-3067", "CVE-2017-0785", "CVE-2017-3737", "CVE-2018-2962", "CVE-2018-2926", "CVE-2017-15707", "CVE-2018-2958", "CVE-2016-1182", "CVE-2018-1258", "CVE-2018-3073", "CVE-2018-1000122", "CVE-2018-1305", "CVE-2018-3095", "CVE-2017-13088", "CVE-2018-2977", "CVE-2017-5662", "CVE-2018-2995", "CVE-2017-9526", "CVE-2018-3086", "CVE-2018-2964", "CVE-2018-3047", "CVE-2018-2985", "CVE-2018-3032", "CVE-2018-2960", "CVE-2018-2997", "CVE-2018-2972", "CVE-2018-3034", "CVE-2018-3023", "CVE-2018-2904", "CVE-2016-0718", "CVE-2018-2882", "CVE-2018-3065", "CVE-2018-3102", "CVE-2014-2532", "CVE-2018-2957", "CVE-2017-5715", "CVE-2018-3057", "CVE-2016-2109", "CVE-2017-3633", "CVE-2018-2921", "CVE-2018-2915", "CVE-2018-1000300", "CVE-2017-3647", "CVE-2018-2959", "CVE-2018-2767", "CVE-2014-0114", "CVE-2018-3080", "CVE-2018-2934", "CVE-2017-3732", "CVE-2018-2949", "CVE-2018-3089", "CVE-2018-2945", "CVE-2018-2943", "CVE-2018-0739", "CVE-2015-5346", "CVE-2018-2896", "CVE-2018-3013", "CVE-2018-2936", "CVE-2018-2986", "CVE-2018-2905", "CVE-2018-2916", "CVE-2018-3087", "CVE-2018-3007", "CVE-2015-3416", "CVE-2018-1313", "CVE-2018-2991", "CVE-2018-2598", "CVE-2018-3033", "CVE-2018-8013", "CVE-2015-5174", "CVE-2014-9029", "CVE-2018-3012", "CVE-2018-3036", "CVE-2018-3062", "CVE-2018-3108", "CVE-2018-1272", "CVE-2018-2987", "CVE-2017-7525", "CVE-2018-3060", "CVE-2018-3071", "CVE-2018-3014", "CVE-2018-3051", "CVE-2015-3414", "CVE-2018-3103", "CVE-2018-2979", "CVE-2018-2993", "CVE-2018-3092", "CVE-2015-0204", "CVE-2014-7810", "CVE-2018-3022", "CVE-2018-1270", "CVE-2018-2903", "CVE-2017-3651", "CVE-2018-3058", "CVE-2016-0706", "CVE-2017-3641", "CVE-2018-2928", "CVE-2017-5664", "CVE-2018-2900", "CVE-2018-2898", "CVE-2018-3003", "CVE-2018-3001", "CVE-2018-2950", "CVE-2018-2929", "CVE-2018-0733", "CVE-2017-3635", "CVE-2018-3094", "CVE-2016-1181", "CVE-2018-2941", "CVE-2014-8157", "CVE-2018-2933", "CVE-2018-3017", "CVE-2016-9843", "CVE-2018-2946", "CVE-2016-2176", "CVE-2016-8735", "CVE-2018-2940", "CVE-2017-3738", "CVE-2018-2930", "CVE-2018-3049", "CVE-2018-2918", "CVE-2018-3076", "CVE-2018-2982", "CVE-2018-3041", "CVE-2016-5195", "CVE-2018-3026", "CVE-2018-2901", "CVE-2018-2939", "CVE-2018-3081", "CVE-2018-3085", "CVE-2017-5645", "CVE-2016-2099", "CVE-2018-3024", "CVE-2018-2892", "CVE-2018-3070", "CVE-2018-3018", "CVE-2017-12617", "CVE-2018-3077", "CVE-2018-3054", "CVE-2017-5529", "CVE-2017-3653", "CVE-2016-9841", "CVE-2015-7940", "CVE-2018-2970", "CVE-2018-2963", "CVE-2017-3736", "CVE-2018-3028", "CVE-2018-3074", "CVE-2018-3052", "CVE-2018-3063", "CVE-2017-0379", "CVE-2018-2919", "CVE-2018-3039", "CVE-2018-3082", "CVE-2018-2899", "CVE-2018-2974", "CVE-2018-2932", "CVE-2018-3038", "CVE-2018-3097", "CVE-2018-3020", "CVE-2016-3506", "CVE-2018-3005", "CVE-2018-3090", "CVE-2017-3636", "CVE-2018-3035", "CVE-2018-2968", "CVE-2018-2907", "CVE-2017-15095", "CVE-2018-3064", "CVE-2018-3037", "CVE-2018-2895", "CVE-2018-3068", "CVE-2018-3078", "CVE-2018-2996", "CVE-2018-2923", "CVE-2018-3030", "CVE-2018-3099", "CVE-2018-3084", "CVE-2016-2106", "CVE-2017-3634", "CVE-2016-6814", "CVE-2018-3066", "CVE-2018-2925", "CVE-2018-3056", "CVE-2018-3639", "CVE-2018-1000301", "CVE-2018-3040", "CVE-2018-3000", "CVE-2018-3045", "CVE-2018-3640", "CVE-2018-3016", "CVE-2018-3088", "CVE-2018-2967", "CVE-2018-2888", "CVE-2018-1327", "CVE-2018-2927", "CVE-2018-2952", "CVE-2018-3105", "CVE-2018-3042", "CVE-2018-2891", "CVE-2018-2978"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<http://www.oracle.com/securityalerts>) for information about Oracle Security Advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 334 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2420273.1>).\n\nMany industry experts anticipate that exploits leveraging known flaws in modern processor designs will continue to be disclosed for the foreseeable future (i.e., \"Spectre\" variants). For information related to these issues, please refer to:\n\n * the January 2018 Critical Patch Update (and later) Advisories,\n * the \"Addendum to the January 2018 Critical Patch Update Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754)\" ([Doc ID 2347948.1](<https://support.oracle.com/rs?type=doc&id=2347948.1>)), and\n * \"Information about processor vulnerabilities CVE-2018-3640 (\"Spectre v3a\") and CVE-2018-3639 (\"Spectre v4\")\" ([Doc ID 2399123.1](<https://support.oracle.com/rs?type=doc&id=2399123.1>)).\n\n \n", "modified": "2018-10-12T00:00:00", "published": "2018-07-17T00:00:00", "id": "ORACLE:CPUJUL2018-4258247", "href": "", "type": "oracle", "title": "CPU July 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-16T04:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2019-2946", "CVE-2019-2954", "CVE-2019-0220", "CVE-2019-2973", "CVE-2018-19362", "CVE-2019-2993", "CVE-2019-5435", "CVE-2019-2984", "CVE-2019-2734", "CVE-2019-2982", "CVE-2019-3012", "CVE-2019-2899", "CVE-2019-3863", "CVE-2019-2992", "CVE-2015-9251", "CVE-2019-2886", "CVE-2019-1547", "CVE-2019-2907", "CVE-2017-9735", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2968", "CVE-2016-7103", "CVE-2019-2945", "CVE-2019-2942", "CVE-2019-10247", "CVE-2017-17558", "CVE-2019-2955", "CVE-2019-10098", "CVE-2019-11358", "CVE-2019-3861", "CVE-2019-2943", "CVE-2019-0217", "CVE-2019-14540", "CVE-2019-3027", "CVE-2018-12384", "CVE-2018-12538", "CVE-2019-2940", "CVE-2019-2902", "CVE-2018-19361", "CVE-2019-2948", "CVE-2017-7657", "CVE-2019-2896", "CVE-2019-3000", "CVE-2019-3003", "CVE-2019-2883", "CVE-2019-2930", "CVE-2019-3025", "CVE-2016-5425", "CVE-2019-3015", "CVE-2019-2920", "CVE-2019-2915", "CVE-2017-7658", "CVE-2019-2983", "CVE-2018-15756", "CVE-2019-9936", "CVE-2019-2991", "CVE-2019-2926", "CVE-2018-14719", "CVE-2019-3026", "CVE-2019-2901", "CVE-2019-2966", "CVE-2019-3858", "CVE-2019-2995", "CVE-2019-2980", "CVE-2019-3024", "CVE-2019-2906", "CVE-2019-2999", "CVE-2019-2927", "CVE-2017-12626", "CVE-2019-2997", "CVE-2019-2959", "CVE-2019-3014", "CVE-2019-5436", "CVE-2019-2962", "CVE-2019-3004", "CVE-2019-2944", "CVE-2019-2952", "CVE-2019-0211", "CVE-2018-14720", "CVE-2016-0729", "CVE-2019-2974", "CVE-2019-3002", "CVE-2019-2964", "CVE-2019-2884", "CVE-2019-2960", "CVE-2019-2976", "CVE-2018-14718", "CVE-2018-8032", "CVE-2019-2898", "CVE-2019-2932", "CVE-2019-2971", "CVE-2019-2929", "CVE-2019-1549", "CVE-2019-0232", "CVE-2019-2900", "CVE-2019-12814", "CVE-2019-2897", "CVE-2019-12384", "CVE-2018-18065", "CVE-2019-2905", "CVE-2018-20685", "CVE-2019-9937", "CVE-2019-3020", "CVE-2019-2936", "CVE-2019-10082", "CVE-2019-2963", "CVE-2018-2875", "CVE-2019-3857", "CVE-2019-2949", "CVE-2019-2935", "CVE-2019-1563", "CVE-2019-3031", "CVE-2019-9511", "CVE-2018-12404", "CVE-2019-3008", "CVE-2019-1543", "CVE-2019-2910", "CVE-2019-2950", "CVE-2016-8610", "CVE-2018-1000873", "CVE-2018-1000007", "CVE-2018-7185", "CVE-2019-3010", "CVE-2019-2889", "CVE-2019-2888", "CVE-2019-2925", "CVE-2019-2961", "CVE-2015-5180", "CVE-2018-14721", "CVE-2019-2913", "CVE-2019-2922", "CVE-2019-3001", "CVE-2019-3005", "CVE-2019-10081", "CVE-2019-2891", "CVE-2019-2937", "CVE-2019-0215", "CVE-2019-6109", "CVE-2019-8457", "CVE-2019-3018", "CVE-2019-2994", "CVE-2019-2958", "CVE-2018-8034", "CVE-2019-3021", "CVE-2019-2887", "CVE-2019-2947", "CVE-2019-14439", "CVE-2019-16335", "CVE-2019-1552", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-2939", "CVE-2017-6056", "CVE-2018-18066", "CVE-2019-0196", "CVE-2019-2911", "CVE-2019-3022", "CVE-2018-12536", "CVE-2019-3856", "CVE-2017-7656", "CVE-2019-2996", "CVE-2019-10097", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-3862", "CVE-2019-2894", "CVE-2018-19360", "CVE-2019-2975", "CVE-2019-2972", "CVE-2019-2988", "CVE-2019-2904", "CVE-2019-10092", "CVE-2019-10072", "CVE-2017-16531", "CVE-2019-2998", "CVE-2019-17091", "CVE-2019-3855", "CVE-2019-2890", "CVE-2019-3859", "CVE-2019-2985", "CVE-2019-2951", "CVE-2019-2990", "CVE-2019-1559", "CVE-2018-1320", "CVE-2019-2923", "CVE-2018-3300", "CVE-2019-6111", "CVE-2019-2986", "CVE-2018-11784", "CVE-2018-8037", "CVE-2017-5645", "CVE-2019-3860", "CVE-2019-2953", "CVE-2019-2965", "CVE-2019-0188", "CVE-2019-3009", "CVE-2019-2941", "CVE-2016-4000", "CVE-2019-3023", "CVE-2019-2914", "CVE-2019-2979", "CVE-2019-2924", "CVE-2019-2981", "CVE-2019-3028", "CVE-2019-2765", "CVE-2019-2934", "CVE-2019-2987", "CVE-2019-2967", "CVE-2019-2977", "CVE-2018-11798", "CVE-2019-10246", "CVE-2018-12545", "CVE-2019-14379", "CVE-2019-2989", "CVE-2016-6814", "CVE-2019-2978", "CVE-2019-2970", "CVE-2019-2903", "CVE-2019-2933", "CVE-2019-5443", "CVE-2016-1000031", "CVE-2019-10241", "CVE-2019-2909", "CVE-2019-3017", "CVE-2019-2938", "CVE-2019-0227", "CVE-2019-2895", "CVE-2019-2872", "CVE-2019-2956", "CVE-2019-2931", "CVE-2018-16842", "CVE-2019-3019", "CVE-2019-2969", "CVE-2019-11068"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019-5072832", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", "CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", "CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", "CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2020-01-22T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}