{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-05-18T00:00:00", "datePublic": "2018-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-25T14:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "104225", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104225"}, {"name": "[debian-lts-announce] 20180516 [SECURITY] [DLA 1379-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html"}, {"name": "1040931", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040931"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/adv_2018-b138.html"}, {"name": "RHSA-2018:3157", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3157"}, {"name": "GLSA-201806-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201806-05"}, {"name": "DSA-4202", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4202"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "USN-3648-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3648-1/"}, {"name": "USN-3598-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3598-2/"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2020:0544", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0544"}, {"name": "RHSA-2020:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0594"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-05-18T21:46:02.317380", "DATE_REQUESTED": "2018-05-06T00:00:00", "ID": "CVE-2018-1000301", "REQUESTER": "daniel@haxx.se", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "104225", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104225"}, {"name": "[debian-lts-announce] 20180516 [SECURITY] [DLA 1379-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html"}, {"name": "1040931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040931"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"name": "RHSA-2018:3558", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"name": "https://curl.haxx.se/docs/adv_2018-b138.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/adv_2018-b138.html"}, {"name": "RHSA-2018:3157", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3157"}, {"name": "GLSA-201806-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201806-05"}, {"name": "DSA-4202", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4202"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "USN-3648-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3648-1/"}, {"name": "USN-3598-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3598-2/"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2020:0544", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0544"}, {"name": "RHSA-2020:0594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0594"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.706Z"}, "title": "CVE Program Container", "references": [{"name": "104225", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104225"}, {"name": "[debian-lts-announce] 20180516 [SECURITY] [DLA 1379-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html"}, {"name": "1040931", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040931"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"name": "RHSA-2018:3558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://curl.haxx.se/docs/adv_2018-b138.html"}, {"name": "RHSA-2018:3157", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3157"}, {"name": "GLSA-201806-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201806-05"}, {"name": "DSA-4202", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4202"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "USN-3648-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3648-1/"}, {"name": "USN-3598-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3598-2/"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2020:0544", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0544"}, {"name": "RHSA-2020:0594", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0594"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000301", "datePublished": "2018-05-24T13:00:00", "dateReserved": "2018-05-06T00:00:00", "dateUpdated": "2024-08-05T12:40:46.706Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1740914F-BCF7-4244-B328-2DF76138B1D8", "versionEndIncluding": "7.59.0", "versionStartIncluding": "7.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF", "versionEndExcluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."}, {"lang": "es", "value": "curl en su versi\u00f3n 7.20.0 hasta la 7.59.0 contiene una vulnerabilidad CWE-126: sobrelectura de b\u00fafer y denegaci\u00f3n de servicio (DoS) que puede resultar en que se puede enga\u00f1ar a curl para que lea datos m\u00e1s all\u00e1 del final de un b\u00fafer de memoria din\u00e1mica (heap) que se usa para almacenar contenido RTSP descargado. La vulnerabilidad parece haber sido solucionada en las versiones anteriores a la 7.20.0 y en la 7.60.0 y posteriores."}], "id": "CVE-2018-1000301", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-24T13:29:01.383", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104225"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040931"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3157"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3558"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0544"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0594"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://curl.haxx.se/docs/adv_2018-b138.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201806-05"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3598-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3648-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4202"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges the OSS-Fuzz project as the original reporter.", "affected_release": [{"advisory": "RHSA-2018:3157", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "curl-0:7.29.0-51.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2018:3157", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-pem-0:1.0.3-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2020:0594", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "curl-0:7.29.0-42.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:0594", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "curl-0:7.29.0-42.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:0594", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "curl-0:7.29.0-42.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:0544", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "curl-0:7.29.0-46.el7_5.1", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-curl-0:7.61.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-curl-0:7.61.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}, {"advisory": "RHSA-2018:3558", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-11-13T00:00:00Z"}], "bugzilla": {"description": "curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service", "id": "1575536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575536"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."], "name": "CVE-2018-1000301", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:1.0", "fix_state": "Out of support scope", "package_name": "rh-dotnetcore10-curl", "product_name": ".NET Core 1.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:1.1", "fix_state": "Out of support scope", "package_name": "rh-dotnetcore11-curl", "product_name": ".NET Core 1.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.0", "fix_state": "Out of support scope", "package_name": "rh-dotnet20-curl", "product_name": ".NET Core 2.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Will not fix", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Will not fix", "package_name": "curl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2018-05-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000301\nhttps://curl.haxx.se/docs/adv_2018-b138.html"], "threat_severity": "Moderate", "upstream_fix": "curl 7.60.0"}