Heap-based buffer overflow in curl (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-1000300 |
| CWE-ID | CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Heap-based buffer overflow
EUVDB-ID: #VU12799
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1000300
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that will be used when an FTP connection gets shut down since the original curl easy handle is then already removed. FTP server response data that gets cached from the original transfer might then be larger than the default buffer size (16 KB) allocated in the "closure handle", which can lead to buffer overwrite. A remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.59.0-r0 - 7.59.0-r1
CPE2.3- cpe:2.3:o:alpine:curl_alpine_package:7.59.0-r1:*:*:*:*:alpine_linux:*:
- cpe:2.3:o:alpine:curl_alpine_package:7.59.0-r0:*:*:*:*:alpine_linux:*:
http://git.alpinelinux.org/aports/commit/?id=201bea07cf7afc2a3cae3e5f5aa927a1c1a66c14
http://git.alpinelinux.org/aports/commit/?id=0a8c160f5bfb61a52f6baa67dd5ce1e6b72038ae
http://git.alpinelinux.org/aports/commit/?id=1acc8d384b7bbc2890a59f59ab217ef2918ed6db
http://git.alpinelinux.org/aports/commit/?id=4cf78dce7e8795b6066bcfcac60143bd68d87bfb
http://git.alpinelinux.org/aports/commit/?id=816ad945de1a845d5a3f498f361c5ec1f1fdf632
http://git.alpinelinux.org/aports/commit/?id=81f97eef6dbd21c460ec2d7791d4c4fd5b8a7d1c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
