Multiple vulnerabilities in cURL



Published: 2018-03-15
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-1000121
CVE-2018-1000120
CVE-2018-1000122
CWE ID CWE-476
CWE-122
CWE-126
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
cURL
Client/Desktop applications / Other client software

Vendor curl.haxx.se

Security Advisory

1) Null pointer dereference

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1000121

CWE-ID: CWE-476 - NULL Pointer Dereference

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in ldap_get_attribute_ber(). A remote attacker can return a specially crafted redirect to an LDAP URL, trigger NULL pointer dereference and cause the service to crash.//

Mitigation

Update to version 7.59.0.

Vulnerable software versions

cURL: 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.24.0, 7.25.0, 7.26.0, 7.27.0, 7.28.0, 7.28.1, 7.29.0, 7.30.0, 7.31.0, 7.32.0, 7.33.0, 7.34.0, 7.35.0, 7.36.0, 7.37.0, 7.37.1, 7.38.0, 7.39.0, 7.40.0, 7.41.0, 7.42.0, 7.42.1, 7.43.0, 7.44.0, 7.45.0, 7.46.0, 7.47.0, 7.48.0, 7.49.0, 7.52.0, 7.52.1, 7.53.0

cURL: 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.22.0, 7.23.0, 7.23.1, 7.54.0, 7.55.0, 7.56.0, 7.57.0, 7.58.0

CPE External links

https://curl.haxx.se/docs/adv_2018-97a2.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

Severity: High

CVSSv3: 8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1000120

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker that can control the paths that curl uses for FTP can create specially crafted path names containing the control characters '%00', trigger memory corruption and execute arbitrary code.


Mitigation

Update to version 7.59.0.

Vulnerable software versions

cURL: 7.10.3, 7.11.2, 7.12.3, 7.13.0, 7.13.1, 7.13.2, 7.14.0, 7.14.1, 7.15.0, 7.15.1, 7.15.2, 7.15.3, 7.15.4, 7.15.5, 7.16.0, 7.16.1, 7.16.2, 7.16.3, 7.16.4, 7.17.0, 7.17.1, 7.18.0, 7.18.1, 7.18.2, 7.19.0, 7.19.1, 7.19.2, 7.19.3, 7.19.4, 7.19.5, 7.19.6, 7.19.7, 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.24.0, 7.25.0, 7.26.0, 7.27.0, 7.28.0, 7.28.1, 7.29.0, 7.30.0, 7.31.0, 7.32.0, 7.33.0, 7.34.0, 7.35.0, 7.36.0, 7.37.0, 7.37.1, 7.38.0, 7.39.0, 7.40.0, 7.41.0, 7.42.0, 7.42.1, 7.43.0, 7.44.0, 7.45.0, 7.46.0, 7.47.0, 7.48.0, 7.49.0, 7.52.0, 7.52.1, 7.53.0

cURL: 7.13, 7.13.2, 7.14, 7.14.1, 7.15, 7.15.1, 7.15.3, 7.16.3, 7.16.4, 7.17, 7.18, 7.19.3, 7.20.0, 7.20.1, 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.22.0, 7.23.0, 7.23.1, 7.54.0, 7.55.0, 7.56.0, 7.57.0, 7.58.0

CPE External links

https://curl.haxx.se/docs/adv_2018-9cd6.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer over-read

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1000122

CWE-ID: CWE-126 - Buffer Over-read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.

Mitigation

Update to version 7.59.0.

Vulnerable software versions

cURL: 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.24.0, 7.25.0, 7.26.0, 7.27.0, 7.28.0, 7.28.1, 7.29.0, 7.30.0, 7.31.0, 7.32.0, 7.33.0, 7.34.0, 7.35.0, 7.36.0, 7.37.0, 7.37.1, 7.38.0, 7.39.0, 7.40.0, 7.41.0, 7.42.0, 7.42.1, 7.43.0, 7.44.0, 7.45.0, 7.46.0, 7.47.0, 7.48.0, 7.49.0, 7.52.0, 7.52.1, 7.53.0

cURL: 7.20.0, 7.20.1, 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.22.0, 7.23.0, 7.23.1, 7.54.0, 7.55.0, 7.56.0, 7.57.0, 7.58.0

CPE External links

https://curl.haxx.se/docs/adv_2018-b047.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.