CVE-2018-0500 : Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 h

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Published 2018-07-11 13:29:00

Updated 2020-08-24 17:37:01

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2018-0500

Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions
Haxx » Curl
Versions from including (>=) 7.54.1 and up to, including, (<=) 7.60.0
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-0500

EPSS FAQ

1.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0500

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-0500

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-0500

https://security.gentoo.org/glsa/201807-04

cURL:Heap-based Buffer Overflow (GLSA 201807-04) — Gentoo security
Third Party Advisory
https://curl.haxx.se/docs/adv_2018-70a2.html

curl - SMTP send heap buffer overflow - CVE-2018-0500
Exploit;Patch;Vendor Advisory
http://www.securitytracker.com/id/1041280

curl Buffer Overflow in Curl_smtp_escape_eob() Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker
Third Party Advisory;VDB Entry
https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628

smtp: use the upload buffer size for scratch buffer malloc · curl/curl@ba1dbd7 · GitHub
Patch;Third Party Advisory
https://usn.ubuntu.com/3710-1/

USN-3710-1: curl vulnerability | Ubuntu security notices
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2486

RHSA-2018:2486 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-0500

Products affected by CVE-2018-0500

Exploit prediction scoring system (EPSS) score for CVE-2018-0500

CVSS scores for CVE-2018-0500

CWE ids for CVE-2018-0500

References for CVE-2018-0500