CVE-2018-0500

curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Curl_smtp_escape_eob en lib/smtp.c en curl desde la versión 7.54.1 hasta la 7.60.0 tiene un desbordamiento de búfer basado en memoria dinámica (heap) que podría ser explotado por un atacante que pueda controlar los datos que curl transmite por SMTP con ciertas opciones (p.ej., el uso de un argumento no estándar --limit-rate o un valor CURLOPT_BUFFERSIZE).

A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-07-11 CVE Published
2023-12-02 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (8)

URL	Tag	Source
http://www.securitytracker.com/id/1041280	Third Party Advisory

URL	Date	SRC
https://curl.haxx.se/docs/adv_2018-70a2.html	2024-08-05

URL	Date	SRC
https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628	2020-08-24

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:2486	2020-08-24
https://security.gentoo.org/glsa/201807-04	2020-08-24
https://usn.ubuntu.com/3710-1	2020-08-24
https://access.redhat.com/security/cve/CVE-2018-0500	2018-08-16
https://bugzilla.redhat.com/show_bug.cgi?id=1597101	2018-08-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Haxx Search vendor "Haxx"		Curl Search vendor "Haxx" for product "Curl"				>= 7.54.1 <= 7.60.0 Search vendor "Haxx" for product "Curl" and version " >= 7.54.1 <= 7.60.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected