ID CVE-2018-1000121
Summary A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 23-07-2019 - 23:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2018:3157
  • rhsa
    id RHSA-2018:3558
  • rhsa
    id RHSA-2020:0544
  • rhsa
    id RHSA-2020:0594
rpms
  • curl-0:7.29.0-51.el7
  • curl-debuginfo-0:7.29.0-51.el7
  • libcurl-0:7.29.0-51.el7
  • libcurl-devel-0:7.29.0-51.el7
  • nss-pem-0:1.0.3-5.el7
  • nss-pem-debuginfo-0:1.0.3-5.el7
  • httpd24-curl-0:7.61.1-1.el6
  • httpd24-curl-0:7.61.1-1.el7
  • httpd24-curl-debuginfo-0:7.61.1-1.el6
  • httpd24-curl-debuginfo-0:7.61.1-1.el7
  • httpd24-httpd-0:2.4.34-7.el6
  • httpd24-httpd-0:2.4.34-7.el7
  • httpd24-httpd-debuginfo-0:2.4.34-7.el6
  • httpd24-httpd-debuginfo-0:2.4.34-7.el7
  • httpd24-httpd-devel-0:2.4.34-7.el6
  • httpd24-httpd-devel-0:2.4.34-7.el7
  • httpd24-httpd-manual-0:2.4.34-7.el6
  • httpd24-httpd-manual-0:2.4.34-7.el7
  • httpd24-httpd-tools-0:2.4.34-7.el6
  • httpd24-httpd-tools-0:2.4.34-7.el7
  • httpd24-libcurl-0:7.61.1-1.el6
  • httpd24-libcurl-0:7.61.1-1.el7
  • httpd24-libcurl-devel-0:7.61.1-1.el6
  • httpd24-libcurl-devel-0:7.61.1-1.el7
  • httpd24-libnghttp2-0:1.7.1-7.el6
  • httpd24-libnghttp2-0:1.7.1-7.el7
  • httpd24-libnghttp2-devel-0:1.7.1-7.el6
  • httpd24-libnghttp2-devel-0:1.7.1-7.el7
  • httpd24-mod_ldap-0:2.4.34-7.el6
  • httpd24-mod_ldap-0:2.4.34-7.el7
  • httpd24-mod_md-0:2.4.34-7.el7
  • httpd24-mod_proxy_html-1:2.4.34-7.el6
  • httpd24-mod_proxy_html-1:2.4.34-7.el7
  • httpd24-mod_session-0:2.4.34-7.el6
  • httpd24-mod_session-0:2.4.34-7.el7
  • httpd24-mod_ssl-1:2.4.34-7.el6
  • httpd24-mod_ssl-1:2.4.34-7.el7
  • httpd24-nghttp2-0:1.7.1-7.el6
  • httpd24-nghttp2-0:1.7.1-7.el7
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el6
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el7
  • curl-0:7.29.0-46.el7_5.1
  • curl-debuginfo-0:7.29.0-46.el7_5.1
  • libcurl-0:7.29.0-46.el7_5.1
  • libcurl-devel-0:7.29.0-46.el7_5.1
  • curl-0:7.29.0-42.el7_4.2
  • curl-debuginfo-0:7.29.0-42.el7_4.2
  • libcurl-0:7.29.0-42.el7_4.2
  • libcurl-devel-0:7.29.0-42.el7_4.2
refmap via4
bid 103415
confirm
debian DSA-4136
misc https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
mlist [debian-lts-announce] 20180318 [SECURITY] [DLA 1309-1] curl security update
sectrack 1040529
ubuntu
  • USN-3598-1
  • USN-3598-2
Last major update 23-07-2019 - 23:15
Published 14-03-2018 - 18:29
Last modified 23-07-2019 - 23:15
Back to Top