Buffer over-read in curl (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-1000122 |
| CWE-ID | CWE-126 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer over-read
EUVDB-ID: #VU11108
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1000122
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.
The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy
error in processing RTSP URLs and cause the application to crash or
access potentially sensitive information on the target system.
Install update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.21.1-r0 - 7.58.0-r2
CPE2.3- cpe:2.3:o:alpine:curl_alpine_package:7.58.0-r0:*:*:*:*:alpine_linux:*:
- cpe:2.3:o:alpine:curl_alpine_package:7.57.0-r0:*:*:*:*:alpine_linux:*:
- cpe:2.3:o:alpine:curl_alpine_package:7.58.0-r2:*:*:*:*:alpine_linux:*:
http://git.alpinelinux.org/aports/commit/?id=06d873c35d45649783f1d3393b35034356679424
http://git.alpinelinux.org/aports/commit/?id=7d31ed74e2b6d74352c9a6f3ab2110c402a28f3a
http://git.alpinelinux.org/aports/commit/?id=edd0ff244c02b47646e66a1bc5737c6dadee86a5
http://git.alpinelinux.org/aports/commit/?id=f58c96201b3afe219bd0ba4e66ace7f03452ed29
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
