PT-2018-9297 · Curl+5 · Curl+5

Dario Weisser

Publicado

2018-03-14

Atualizado

2026-05-18

CVE-2018-1000121

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: curl versions 7.21.0 through 7.58.0

Description: A NULL pointer dereference issue exists in the LDAP code, allowing an attacker to cause a denial of service. The ldap get attribute ber() function can return a NULL pointer in the result pointer when getting a particularly crafted response, which can cause libcurl-using applications to crash. This issue affects applications that allow LDAP URLs or redirects to LDAP URLs.

Recommendations: For curl versions 7.21.0 through 7.58.0, consider disabling LDAP URL support as a temporary workaround until a patch is available. Restrict access to LDAP URLs to minimize the risk of exploitation. Avoid using the ldap get attribute ber() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2018-1518

ALT-PU-2018-2456

CESA-2018_3157

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2018-1000121

DLA-1309-1

DSA-4136-1

MGASA-2018-0423

RHSA-2018:3157

RHSA-2018:3558

RHSA-2018_3157

RHSA-2020:0544

RHSA-2020:0594

SUSE-SU-2018:0769-1

SUSE-SU-2018:1323-1

USN-3598-1

USN-3598-2

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Curl

PT-2018-9297 · Curl+5 · Curl+5

CVE-2018-1000121

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 318