Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   curl Vendors:
(Oracle Issues Fix for Oracle Linux) curl Null Pointer Dereference in LDAP URL Processing Lets Remote Users Cause the Target Application to Crash
SecurityTracker Alert ID:  1042074
SecurityTracker URL:
CVE Reference:   CVE-2018-1000121   (Links to External Site)
Date:  Nov 12 2018
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.21.0 - 7.58.0
Description:   A vulnerability was reported in curl. A remote user can cause the target application to crash.

A remote server can return a specially crafted redirect to an LDAP URL to trigger a null pointer dereference in ldap_get_attribute_ber() can cause the target application to crash.

Applications that allow LDAP URLs are also affected.

curl versions built to use OpenLDAP are affected.

The vendor was notified on March 6, 2018.

Dario Weisser reported this vulnerability.

Impact:   A remote server can cause the target application to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Mar 14 2018 curl Null Pointer Dereference in LDAP URL Processing Lets Remote Users Cause the Target Application to Crash

 Source Message Contents

Subject:  [El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3157

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- require a new enough version of nss-pem to avoid regression in yum 

- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

- make curl --speed-limit work with TFTP (#1584750)

- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write 
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

- make NSS deallocate PKCS #11 objects early enough (#1510247)

- update object ID while reusing a certificate (#1610998)

El-errata mailing list

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC