Vulnerability-Lookup

CVE-2018-0500 (GCVE-0-2018-0500)

Vulnerability from cvelistv5 – Published: 2018-07-11 13:00 – Updated: 2024-08-05 03:28

Summary

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Severity

No CVSS data available.

CWE

heap-based buffer overflow

Assigner

debian

References

6 references

URL	Tags
http://www.securitytracker.com/id/1041280	vdb-entryx_refsource_SECTRACK
https://github.com/curl/curl/commit/ba1dbd78e5f1e…	x_refsource_CONFIRM
https://curl.haxx.se/docs/adv_2018-70a2.html	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201807-04	vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2018:2486	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3710-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

1 product

Vendor	Product	Version
n/a	curl before 7.61.0	Affected: curl before 7.61.0

Date Public

2018-07-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041280",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041280"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://curl.haxx.se/docs/adv_2018-70a2.html"
          },
          {
            "name": "GLSA-201807-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201807-04"
          },
          {
            "name": "RHSA-2018:2486",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2486"
          },
          {
            "name": "USN-3710-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3710-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "curl before 7.61.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "curl before 7.61.0"
            }
          ]
        }
      ],
      "datePublic": "2018-07-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "heap-based buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-21T09:57:02.000Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1041280",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041280"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://curl.haxx.se/docs/adv_2018-70a2.html"
        },
        {
          "name": "GLSA-201807-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201807-04"
        },
        {
          "name": "RHSA-2018:2486",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2486"
        },
        {
          "name": "USN-3710-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3710-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2018-0500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "curl before 7.61.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "curl before 7.61.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "heap-based buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041280",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041280"
            },
            {
              "name": "https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628",
              "refsource": "CONFIRM",
              "url": "https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628"
            },
            {
              "name": "https://curl.haxx.se/docs/adv_2018-70a2.html",
              "refsource": "CONFIRM",
              "url": "https://curl.haxx.se/docs/adv_2018-70a2.html"
            },
            {
              "name": "GLSA-201807-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201807-04"
            },
            {
              "name": "RHSA-2018:2486",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2486"
            },
            {
              "name": "USN-3710-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3710-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2018-0500",
    "datePublished": "2018-07-11T13:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:28:11.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-0500",
      "date": "2026-05-27",
      "epss": "0.01242",
      "percentile": "0.79519"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0500\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2018-07-11T13:29:00.317\",\"lastModified\":\"2024-11-21T03:38:21.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).\"},{\"lang\":\"es\",\"value\":\"Curl_smtp_escape_eob en lib/smtp.c en curl desde la versi\u00f3n 7.54.1 hasta la 7.60.0 tiene un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) que podr\u00eda ser explotado por un atacante que pueda controlar los datos que curl transmite por SMTP con ciertas opciones (p.ej., el uso de un argumento no est\u00e1ndar --limit-rate o un valor CURLOPT_BUFFERSIZE).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.54.1\",\"versionEndIncluding\":\"7.60.0\",\"matchCriteriaId\":\"14529B18-3A03-40FB-8B60-9CF0802DA443\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041280\",\"source\":\"security@debian.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"security@debian.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_2018-70a2.html\",\"source\":\"security@debian.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201807-04\",\"source\":\"security@debian.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3710-1/\",\"source\":\"security@debian.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_2018-70a2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201807-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3710-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2018:2423-1

Vulnerability from csaf_suse - Published: 2018-08-17 16:21 - Updated: 2018-08-17 16:21

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Description of the patch: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793).

Patchnames: SUSE-SLE-Module-Basesystem-15-2018-1685

CVE-2018-0500

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.x86_64	—	Vendor Fix

Threats

Impact important

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1099793	self
https://www.suse.com/security/cve/CVE-2018-0500/	self
https://www.suse.com/security/cve/CVE-2018-0500	external
https://bugzilla.suse.com/1099793	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Basesystem-15-2018-1685",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2423-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2423-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182423-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2423-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004471.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099793",
        "url": "https://bugzilla.suse.com/1099793"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-0500 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-0500/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2018-08-17T16:21:00Z",
      "generator": {
        "date": "2018-08-17T16:21:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2423-1",
      "initial_release_date": "2018-08-17T16:21:00Z",
      "revision_history": [
        {
          "date": "2018-08-17T16:21:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.6.4.aarch64",
                "product": {
                  "name": "curl-7.60.0-3.6.4.aarch64",
                  "product_id": "curl-7.60.0-3.6.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.6.4.aarch64",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.6.4.aarch64",
                  "product_id": "libcurl-devel-7.60.0-3.6.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.6.4.aarch64",
                "product": {
                  "name": "libcurl4-7.60.0-3.6.4.aarch64",
                  "product_id": "libcurl4-7.60.0-3.6.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.6.4.ppc64le",
                "product": {
                  "name": "curl-7.60.0-3.6.4.ppc64le",
                  "product_id": "curl-7.60.0-3.6.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.6.4.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.6.4.ppc64le",
                  "product_id": "libcurl-devel-7.60.0-3.6.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.6.4.ppc64le",
                "product": {
                  "name": "libcurl4-7.60.0-3.6.4.ppc64le",
                  "product_id": "libcurl4-7.60.0-3.6.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.6.4.s390x",
                "product": {
                  "name": "curl-7.60.0-3.6.4.s390x",
                  "product_id": "curl-7.60.0-3.6.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.6.4.s390x",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.6.4.s390x",
                  "product_id": "libcurl-devel-7.60.0-3.6.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.6.4.s390x",
                "product": {
                  "name": "libcurl4-7.60.0-3.6.4.s390x",
                  "product_id": "libcurl4-7.60.0-3.6.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.6.4.x86_64",
                "product": {
                  "name": "curl-7.60.0-3.6.4.x86_64",
                  "product_id": "curl-7.60.0-3.6.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.6.4.x86_64",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.6.4.x86_64",
                  "product_id": "libcurl-devel-7.60.0-3.6.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.6.4.x86_64",
                "product": {
                  "name": "libcurl4-7.60.0-3.6.4.x86_64",
                  "product_id": "libcurl4-7.60.0-3.6.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-3.6.4.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-3.6.4.x86_64",
                  "product_id": "libcurl4-32bit-7.60.0-3.6.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.6.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.aarch64"
        },
        "product_reference": "curl-7.60.0-3.6.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.6.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.6.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.6.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.s390x"
        },
        "product_reference": "curl-7.60.0-3.6.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.6.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.x86_64"
        },
        "product_reference": "curl-7.60.0-3.6.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.6.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.6.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.6.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.6.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.6.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.s390x"
        },
        "product_reference": "libcurl-devel-7.60.0-3.6.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.6.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.6.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.6.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.6.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.6.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.6.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.6.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.s390x"
        },
        "product_reference": "libcurl4-7.60.0-3.6.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.6.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.6.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.6.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.6.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-0500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-0500",
          "url": "https://www.suse.com/security/cve/CVE-2018-0500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099793 for CVE-2018-0500",
          "url": "https://bugzilla.suse.com/1099793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T16:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-0500"
    }
  ]
}

WID-SEC-W-2025-0266

Vulnerability from csaf_certbund - Published: 2018-07-29 22:00 - Updated: 2025-02-04 23:00

Summary

cURL: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cURL ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2018-0500

Es existiert eine Pufferüberlauf Schwachstelle in cURL. Die Schwachstelle besteht in der Curl_smtp_escape_eob(). Ein Angreifer kann dieses zu einem Denial of Service Angriff und möglicherweise zur Ausführung von Code mit den Privilegien des Angegriffenen nutzen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen, Daten über SMTP mit einem reduzierten Puffer zu laden.

Affected products

Known affected 6 products

Product	Identifier	Version
Dell Avamar <19.12 Dell / Avamar		<19.12
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Open Source cURL <7.61.0 Open Source / cURL		<7.61.0

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://security.gentoo.org/glsa/201807-04	external
https://access.redhat.com/errata/RHSA-2018:2486	external
https://www.suse.com/support/update/announcement/…	external
https://www.dell.com/support/kbdoc/de-de/00028127…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cURL ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0266 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2025-0266.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0266 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0266"
      },
      {
        "category": "external",
        "summary": "Gentoo Security Advisory GLSA 201807-04 vom 2018-07-29",
        "url": "https://security.gentoo.org/glsa/201807-04"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2486 vom 2018-08-17",
        "url": "https://access.redhat.com/errata/RHSA-2018:2486"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2423-1 vom 2018-08-18",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182423-1.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-071 vom 2025-02-05",
        "url": "https://www.dell.com/support/kbdoc/de-de/000281275/dsa-2025-071-security-update-for-dell-avamar-for-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "cURL: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit Benutzerrechten",
    "tracking": {
      "current_release_date": "2025-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-05T11:40:20.326+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0266",
      "initial_release_date": "2018-07-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-07-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2018-07-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-16T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.12",
                "product": {
                  "name": "Dell Avamar \u003c19.12",
                  "product_id": "T040818"
                }
              },
              {
                "category": "product_version",
                "name": "19.12",
                "product": {
                  "name": "Dell Avamar 19.12",
                  "product_id": "T040818-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:avamar:19.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Avamar"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.61.0",
                "product": {
                  "name": "Open Source cURL \u003c7.61.0",
                  "product_id": "T012561"
                }
              },
              {
                "category": "product_version",
                "name": "7.61.0",
                "product": {
                  "name": "Open Source cURL 7.61.0",
                  "product_id": "T012561-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:curl:curl:7.61.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "cURL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0500",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Puffer\u00fcberlauf Schwachstelle in cURL. Die Schwachstelle besteht in der Curl_smtp_escape_eob(). Ein Angreifer kann dieses zu einem Denial of Service Angriff und m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des Angegriffenen nutzen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen, Daten \u00fcber SMTP mit einem reduzierten Puffer zu laden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040818",
          "T002207",
          "67646",
          "T000126",
          "T012167",
          "T012561"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-0500"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0500 (GCVE-0-2018-0500)

SUSE-SU-2018:2423-1

WID-SEC-W-2025-0266

Tags

Sightings

Nomenclature