ID |
CVE-2018-0500
|
Summary |
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
-
cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
|
CVSS |
Base: | 7.5 (as of 24-08-2020 - 17:37) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-787 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
redhat
via4
|
|
refmap
via4
|
confirm | | gentoo | GLSA-201807-04 | sectrack | 1041280 | ubuntu | USN-3710-1 |
|
Last major update |
24-08-2020 - 17:37 |
Published |
11-07-2018 - 13:29 |
Last modified |
24-08-2020 - 17:37 |