Vulnerability CVE-2017-8818: Information

Description

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-8818
Published: Nov. 29, 2017
Modified: Dec. 20, 2017
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus7.57.0-alt1.S18.7.1-alt2ALT-PU-2017-2714-1195669Fixed
curlp107.57.0-alt1.S18.7.1-alt1ALT-PU-2017-2714-1195669Fixed
curlp97.57.0-alt1.S17.79.0-alt2ALT-PU-2017-2714-1195669Fixed
curlp87.57.0-alt1.M80P.17.65.0-alt1ALT-PU-2017-2736-1195736Fixed
curlc10f17.57.0-alt1.S18.6.0-alt1ALT-PU-2017-2714-1195669Fixed
curlc9f27.57.0-alt1.S18.6.0-alt1ALT-PU-2017-2714-1195669Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://curl.haxx.se/docs/adv_2017-af0a.html
  • Patch
  • Vendor Advisory
1039898
  • Third Party Advisory
  • VDB Entry
102014
  • Third Party Advisory
  • VDB Entry
http://security.cucumberlinux.com/security/details.php?id=163
  • Third Party Advisory
GLSA-201712-04
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:haxx:libcurl:7.56.0:*:*:*:*:*:*:*
      cpe:2.3:a:haxx:libcurl:7.56.1:*:*:*:*:*:*:*
      cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
      cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top