CVE-2018-0500

Published: 11 July 2018

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (7.58.0-2ubuntu3.2)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(7.47.0-1ubuntu2.8)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(7.47.0-1ubuntu2.8)

Notes

AuthorNote
mdeslaur 
introduced by:
https://github.com/curl/curl/commit/e40e9d7f0decc79
curl 7.54.1 to and including curl 7.60.0

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading