SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   curl Vendors:   curl.haxx.se
curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
SecurityTracker Alert ID:  1040530
SecurityTracker URL:  http://securitytracker.com/id/1040530
CVE Reference:   CVE-2018-1000122   (Links to External Site)
Date:  Mar 14 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.20.0 - 7.58.0
Description:   A vulnerability was reported in curl. A remote user can cause the target application to crash.

A remote user can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.

The vendor was notified on February 20, 2018.

Max Dymond reported this vulnerability.

Impact:   A remote user can cause the target application to crash.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (7.59.0).

The vendor advisory is available at:

https://curl.haxx.se/docs/adv_2018-b047.html

Vendor URL:  curl.haxx.se/docs/adv_2018-b047.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 25 2018 (Ubuntu Issues Fix) curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.
Jul 19 2018 (Juniper Issues Fix for Juniper Junos) curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
Juniper has issued a fix for Juniper Junos.
Oct 30 2018 (Red Hat Issues Fix) curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Nov 12 2018 (Oracle Issues Fix for Oracle Linux) curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
Oracle has issued a fix for Oracle Linux 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC