CVE-2018-1000121

Published: 14 March 2018

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian 		Upstream
Released (7.59.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (7.58.0-2ubuntu3)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (7.47.0-1ubuntu2.7)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (7.35.0-1ubuntu2.15)
Patches:
Upstream: https://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba

Notes

AuthorNote
mdeslaur 
introduced by https://github.com/curl/curl/commit/2e056353b00d09

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading