Arch Linux Security Advisory ASA-201803-19 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-661 Summary ======= The package libcurl-gnutls before version 7.59.0-1 is vulnerable to multiple issues including denial of service and information disclosure. Resolution ========== Upgrade to 7.59.0-1. # pacman -Syu "libcurl-gnutls>=7.59.0-1" The problems have been fixed upstream in version 7.59.0. Workaround ========== None. Description =========== - CVE-2018-1000120 (denial of service) It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior. - CVE-2018-1000121 (denial of service) A NULL pointer dereference exists in the LDAP code of curl >= 7.21.0 and < curl 7.59.0, allowing an attacker to cause a denial of service. libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs could be made to crash by a malicious server. - CVE-2018-1000122 (information disclosure) A buffer over-read exists in curl >= 7.20.0 and < 7.59.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. When asked to transfer an RTSP URL, curl could calculate a wrong data length to copy from the read buffer. The memcpy call would copy data from the heap following the buffer to a storage area that would subsequently be delivered to the application (if it didn't cause a crash). This could lead to information leakage or a denial of service for the application if the server offering the RTSP data can trigger this. Impact ====== A remote attacker is able to crash the application or disclose sensitive information on the affected host. References ========== https://curl.haxx.se/docs/adv_2018-9cd6.html https://curl.haxx.se/CVE-2018-1000120.patch https://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f https://curl.haxx.se/docs/adv_2018-97a2.html https://curl.haxx.se/CVE-2018-1000121.patch https://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba https://curl.haxx.se/docs/adv_2018-b047.html https://curl.haxx.se/CVE-2018-1000122.patch https://github.com/curl/curl/commit/d52dc4760f6d9ca1937eefa2093058a952465128 https://security.archlinux.org/CVE-2018-1000120 https://security.archlinux.org/CVE-2018-1000121 https://security.archlinux.org/CVE-2018-1000122