CVE-2018-1000005
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000005
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000005.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-1000005
- Aliases
- Downstream
- Related
- Published
- 2018-01-24T22:29:00Z
- Modified
- 2025-10-10T01:13:34.618208Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like
:to the target buffer, while this was recently changed to:(a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. - References