All errata/sisyphus/ALT-PU-2018-1518-2
ALT-PU-2018-1518-2

Package update curl in branch sisyphus

Version7.59.0-alt1.S1
Task#203249
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (6)

BDU:2018-00605
CRITICAL9.8

Уязвимость обработчика FTP URI программного средства для взаимодействия с серверами cURL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2018-04-27Modified: 2021-03-23
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
BDU:2019-04402
CRITICAL9.8

Уязвимость программного средства для взаимодействия с серверами curl, связанная с записью данных за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-12-03
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
CVE-2018-1000120
CRITICAL9.8

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

Published: 2018-03-14Modified: 2024-11-21
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2018-1000121
HIGH7.5

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

Published: 2018-03-14Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2018-1000122
CRITICAL9.1

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

Published: 2018-03-14Modified: 2024-11-21
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References
GHSA-674j-7m97-j2p9
CRITICAL9.8

curl FTP path confusion leads to NIL byte out of bounds write

Published: 2022-05-14Modified: 2023-03-02
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References