curl: Multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122)
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
Affected versions:
curl 7.12.3 to and including curl 7.58.0
Not affected versions:
curl < 7.12.3 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-9cd6.html
Patch:
https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-1000121: LDAP NULL pointer dereference
Affected versions:
curl 7.21.0 to and including curl 7.58.0
Not affected versions:
curl < 7.21.0 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-97a2.html
Patch:
https://curl.haxx.se/docs/adv_2018-97a2.html
CVE-2018-1000122: RTSP RTP buffer over-read
Affected versions:
curl 7.20.0 to and including curl 7.58.0
Not affected versions:
curl < 7.20.0 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-b047.html
Patch:
https://curl.haxx.se/CVE-2018-1000122.patch
(from redmine: issue id 8642, created on 2018-03-14, closed on 2018-03-20)
- Relations:
- copied_to #8643 (closed)
- copied_to #8644 (closed)
- copied_to #8645 (closed)
- copied_to #8646 (closed)
- copied_to #8647 (closed)
- child #8643 (closed)
- child #8644 (closed)
- child #8645 (closed)
- child #8646 (closed)
- child #8647 (closed)