PT-2018-9298 · Curl+5 · Curl+5

Max Dymond

Published

2018-03-14

Updated

2026-05-18

CVE-2018-1000122

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.58.0

Description: A buffer over-read issue exists in the RTSP+RTP handling code, allowing an attacker to cause a denial of service or information leakage. When transferring an RTSP URL, the software can calculate a wrong data length to copy from the read buffer, leading to a memcpy() call that copies data from the heap following the buffer. This could result in information leakage or a denial of service for the application if the server offering the RTSP data can trigger this issue.

Recommendations: For curl versions 7.20.0 through 7.58.0, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Over-read

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-125

Related Identifiers

ALT-PU-2018-1518

ALT-PU-2018-2456

CESA-2018_3157

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2018-1000122

DLA-1309-1

DSA-4136-1

MGASA-2018-0423

OPENSUSE-SU-2024:10582-1

RHSA-2018:3157

RHSA-2018:3558

RHSA-2018_3157

RHSA-2020:0544

RHSA-2020:0594

SUSE-SU-2018:0769-1

SUSE-SU-2018:1323-1

USN-3598-1

USN-3598-2

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Curl

PT-2018-9298 · Curl+5 · Curl+5

CVE-2018-1000122

Weakness Enumeration

Related Identifiers

Affected Products

References · 366