CURL-CVE-2018-1000301

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2018-1000301.html

Import Source

https://curl.se/docs/CURL-CVE-2018-1000301.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2018-1000301

Aliases

CVE-2018-1000301

Published

2018-05-16T08:00:00Z

Modified

2026-05-27T02:29:21.712243Z

Summary

RTSP bad headers buffer over-read

Details

curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content.

When servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers to deal with those appropriately and to find the end of the headers that signal the start of the "body" part.

The function that splits up the response into headers is called Curl_http_readwrite_headers() and in situations where it cannot find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer which then later on may lead to an out of buffer read when code assumes that pointer points to a full buffer size worth of memory to use.

This could potentially lead to information leakage but most likely a crash/denial of service for applications if a server triggers this flaw.

Database specific

{
    "severity": "Medium",
    "www": "https://curl.se/docs/CVE-2018-1000301.html",
    "CWE": {
        "id": "CWE-126",
        "desc": "Buffer Over-read"
    },
    "URL": "https://curl.se/docs/CVE-2018-1000301.json",
    "affects": "both",
    "package": "curl",
    "last_affected": "7.59.0"
}

References

Credits

- OSS-Fuzz - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER
- Max Dymond - OTHER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.20.0

Fixed

7.60.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

bc4582b68a673d3b0f5a2e7d971605de2c8b3730

Fixed

8c7b3737d29ed5c0575bf592063de8a51450812d

Affected versions

7.*

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

Other

curl-7_20_0

curl-7_20_1

curl-7_21_0

curl-7_21_1

curl-7_21_2

curl-7_21_3

curl-7_21_4

curl-7_21_5

curl-7_21_6

curl-7_21_7

curl-7_22_0

curl-7_23_0

curl-7_23_1

curl-7_24_0

curl-7_25_0

curl-7_26_0

curl-7_27_0

curl-7_28_0

curl-7_28_1

curl-7_29_0

curl-7_30_0

curl-7_31_0

curl-7_32_0

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_42_1

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

Database specific

source

"https://curl.se/docs/CURL-CVE-2018-1000301.json"

vanir_signatures_modified

"2026-05-27T02:29:21Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/8c7b3737d29ed5c0575bf592063de8a51450812d",
        "digest": {
            "function_hash": "37860886073078372341497195057354531055",
            "length": 13923.0
        },
        "id": "CURL-CVE-2018-1000301-21826962",
        "deprecated": false,
        "target": {
            "file": "lib/http.c",
            "function": "Curl_http_readwrite_headers"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/8c7b3737d29ed5c0575bf592063de8a51450812d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "60540376985795332104885178944460297627",
                "32121863850034651570678934636920241612",
                "210976118834394436936769943085360174365",
                "12613360968588433500604004387603295497",
                "233511850012068601660191913109716389610",
                "310310701518340729159613488610066335964",
                "163153379115803148264174895663674330793",
                "236333589854267053654038544780176612755"
            ]
        },
        "id": "CURL-CVE-2018-1000301-f45502dd",
        "deprecated": false,
        "target": {
            "file": "lib/http.c"
        }
    }
]