CURL-CVE-2018-1000121

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2018-1000121.html

Import Source

https://curl.se/docs/CURL-CVE-2018-1000121.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2018-1000121

Aliases

CVE-2018-1000121

Published

2018-03-14T08:00:00Z

Modified

2024-01-25T02:42:48.061005Z

Summary

LDAP NULL pointer dereference

Details

curl might dereference a near-NULL address when getting an LDAP URL.

The function ldap_get_attribute_ber() is called to get attributes, but it turns out that it can return LDAP_SUCCESS and still return a NULL pointer in the result pointer when getting a particularly crafted response. This was a surprise to us and to the code.

libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs could be made to crash by a malicious server.

Database specific

{
    "URL": "https://curl.se/docs/CVE-2018-1000121.json",
    "last_affected": "7.58.0",
    "affects": "both",
    "www": "https://curl.se/docs/CVE-2018-1000121.html",
    "severity": "Low",
    "CWE": {
        "id": "CWE-476",
        "desc": "NULL Pointer Dereference"
    },
    "package": "curl"
}

References

Credits

- Dario Weisser - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.21.0

Fixed

7.59.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

2e056353b00d0944bdb2f8e948cc40a4dc0f3dfb

Fixed

9889db043393092e9d4b5a42720bba0b3d58deba

Affected versions

7.*

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/curl/curl.git/commit/9889db043393092e9d4b5a42720bba0b3d58deba",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "ldap_recv",
            "file": "lib/openldap.c"
        },
        "id": "CURL-CVE-2018-1000121-ab1e9bb3",
        "signature_type": "Function",
        "digest": {
            "length": 4592.0,
            "function_hash": "328887416578178214306654622421626785268"
        }
    },
    {
        "source": "https://github.com/curl/curl.git/commit/9889db043393092e9d4b5a42720bba0b3d58deba",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "lib/openldap.c"
        },
        "id": "CURL-CVE-2018-1000121-e2a14c76",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66058308195053059303831184805157800240",
                "208522381284363225235985548495567561267",
                "180384795194571577937512636606419807899",
                "116950588264124085603154233862740494801",
                "318624911198468198367229108116250639555",
                "238016220396618899894483569339603354701",
                "36496125730363765297620715070526551016",
                "95658113234756168716412665952919080209",
                "187721295413051310410400220050223779294",
                "266033551554067307004414137609620697488"
            ]
        }
    }
]