PT-2018-9197 · Curl+2 · Libcurl+2

Zhouyihai Ding · Published 2018-01-24 · Updated 2024-06-15 · CVE-2018-1000005

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libcurl versions 7.49.0 through 7.57.0
Description: The issue is an out-of-bounds read in the code handling HTTP/2 trailers. The stored size of the trailer data is one byte less than required, so the data is read out of bounds when it is later accessed. The problem lies in the code that creates HTTP/1-like headers from the HTTP/2 trailer data: a string like ":" used to be appended to the target buffer, and this was recently changed to ": " (a space after the colon) without updating the associated length math correspondingly. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
Recommendations: For libcurl versions 7.49.0 through 7.57.0, consider disabling the HTTP/2 trailer handling functionality until a patch is available. Restrict access to the vulnerable code handling HTTP/2 trailers to minimize the risk of exploitation. Avoid using the trailers for any purpose until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
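The length mismatch described above, as an added example that is not libcurl's code: a constructed model in which each trailer is stored with a length prefix, written once with the stale math (separator counted as one byte) and once with the corrected math, and read by a defensive reader that rejects a prefix that disagrees with the data. The names `put_trailer`, `count_trailers` and `demo`, the record layout and the sample trailers are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not libcurl source: each trailer is stored as a
   uint32_t length prefix followed by "name: value\r\n". */
static size_t put_trailer(unsigned char *buf, size_t off, size_t cap,
                          const char *name, const char *value, int stale_math)
{
  size_t nl = strlen(name), vl = strlen(value);
  size_t written = nl + 2 + vl + 2;        /* name + ": " + value + "\r\n" */
  /* stale math budgets one byte for the separator plus two for "\r\n" */
  uint32_t n = (uint32_t)(stale_math ? nl + vl + 3 : written);
  unsigned char *p;
  if(off > cap || cap - off < sizeof(n) + written)
    return 0;                              /* record would not fit */
  p = buf + off;
  memcpy(p, &n, sizeof(n)); p += sizeof(n);
  memcpy(p, name, nl);      p += nl;
  memcpy(p, ": ", 2);       p += 2;
  memcpy(p, value, vl);     p += vl;
  memcpy(p, "\r\n", 2);
  return off + sizeof(n) + written;        /* new end offset */
}

/* Defensive reader: returns the number of trailers, or -1 as soon as a
   stored length runs past the data or does not end on "\r\n". */
static int count_trailers(const unsigned char *buf, size_t len)
{
  size_t off = 0;
  int count = 0;
  while(off < len) {
    uint32_t n;
    if(len - off < sizeof(n)) return -1;   /* truncated prefix */
    memcpy(&n, buf + off, sizeof(n));
    off += sizeof(n);
    if(n < 2 || n > len - off) return -1;  /* length exceeds buffer */
    if(memcmp(buf + off + n - 2, "\r\n", 2) != 0) return -1; /* mismatch */
    off += n;
    count++;
  }
  return count;
}

/* Two constructed trailers written with either math, then read back. */
int demo(int stale_math)
{
  unsigned char buf[128];
  size_t end = put_trailer(buf, 0, sizeof(buf), "x-checksum", "abc", stale_math);
  end = put_trailer(buf, end, sizeof(buf), "x-status", "ok", stale_math);
  return count_trailers(buf, end);
}
int main(void) { return (demo(0) == 2 && demo(1) == -1) ? 0 : 1; }
```

With the stale math every stored length is one byte short, so a reader that trusts it would take the next prefix from a misaligned offset; the bounds and terminator checks stop at the first record instead.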

DoS

Buffer Over-read

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1078
ALT-PU-2018-2456
CVE-2018-1000005
DSA-4098-1
MGASA-2018-0110
OPENSUSE-SU-2024:10582-1
USN-3554-1

Affected Products

Alt Linux
Ubuntu
Libcurl