Home

CVE-2018-1000120

Description

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.886

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-1000120,CVE-2018-1000121,CVE-2018-1000122 are affected in Curl For Windows 7.58.0Windows
Vulnerabilities CVE-2018-1000122,CVE-2018-1000121,CVE-2018-1000120 are fixed in Curl For Windows 7.59.0Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57Windows
Vulnerabilities CVE-2018-1000120 are affected in Ruby-curl 7.58.9Windows
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.47.0-1ubuntu2.7_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.47.0-1ubuntu2.7_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.55.1-1ubuntu2.4_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.55.1-1ubuntu2.4_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.35.0-1ubuntu2.15_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) curl_7.35.0-1ubuntu2.15_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.47.0-1ubuntu2.7_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.47.0-1ubuntu2.7_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.55.1-1ubuntu2.4_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.55.1-1ubuntu2.4_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.35.0-1ubuntu2.15_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3_7.35.0-1ubuntu2.15_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.47.0-1ubuntu2.7_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.47.0-1ubuntu2.7_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.55.1-1ubuntu2.4_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.55.1-1ubuntu2.4_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.35.0-1ubuntu2.15_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-nss_7.35.0-1ubuntu2.15_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.47.0-1ubuntu2.7_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.47.0-1ubuntu2.7_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.55.1-1ubuntu2.4_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.55.1-1ubuntu2.4_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.35.0-1ubuntu2.15_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-3598-1) libcurl3-gnutls_7.35.0-1ubuntu2.15_amd64.debLinux
curl security update(DSA-4136-1) curl_7.52.1-5+deb9u5_i386.debLinux
curl security update(DSA-4136-1) curl_7.52.1-5+deb9u5_amd64.debLinux
Curl security update (CESA-2017:3263) curl-7.29.0-51.el7.x86_64.rpmLinux
Curl security update (CESA-2017:3263) libcurl-7.29.0-51.el7.i686.rpmLinux
Curl security update (CESA-2017:3263) libcurl-7.29.0-51.el7.x86_64.rpmLinux
Curl security update (CESA-2017:3263) libcurl-devel-7.29.0-51.el7.i686.rpmLinux
Curl security update (CESA-2017:3263) libcurl-devel-7.29.0-51.el7.x86_64.rpmLinux
(RHSA-2018:3157) curl and nss-pem security and bug fix update nss-pem-1.0.3-5.el7.i686.rpmLinux
(RHSA-2018:3157) curl and nss-pem security and bug fix update nss-pem-1.0.3-5.el7.x86_64.rpmLinux
Nss-pem update (ELSA-2018-3157) nss-pem-1.0.3-5.el7.x86_64.rpmLinux
Nss-pem update (ELSA-2018-3157) nss-pem-1.0.3-5.el7.i686.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update curl-7.29.0-51.el7.x86_64.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update curl-debuginfo-7.29.0-51.el7.i686.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update curl-debuginfo-7.29.0-51.el7.x86_64.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update libcurl-7.29.0-51.el7.i686.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update libcurl-7.29.0-51.el7.x86_64.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update libcurl-devel-7.29.0-51.el7.i686.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update libcurl-devel-7.29.0-51.el7.x86_64.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update nss-pem-debuginfo-1.0.3-5.el7.i686.rpmLinux
(RHSA-2018:3157)Moderate: and nss-pem security and bug fix update nss-pem-debuginfo-1.0.3-5.el7.x86_64.rpmLinux
nss-pem Security Update (ALAS-2019-1139) nss-pem-1.0.3-5.amzn2.i686.rpmLinux
nss-pem Security Update (ALAS-2019-1139) nss-pem-1.0.3-5.amzn2.x86_64.rpmLinux
Vulnerabilities CVE-2018-1000120 are affected in Ruby-curl for Linux 7.58.9Linux
Out-of-bounds Write Vulnerability (CVE-2018-1000120)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234