You are here

Curl: Vulnerability fixed in Version 7.58.0

IDs: 
CVE-2018-1000005, CVE-2018-1000007
Keywords: 
curl
Description: 

Curl version 7.58.0 fixes two vulnerabilities [1].

No action required for Airlock WAF

Details:

  • CVE-2018-1000007: HTTP authentication leak in redirects. Not relevant for Airlock WAF because redirects from back-ends are not handled by the WAF.
  • CVE-2018-1000005: Out-of-bounds read in HTTP/2 trailers. Not relevant for Airlock WAF because libcurl is not compiled with HTTP/2 support. Airlock WAF supports HTTP/2 for front-side connections where curl is not used.
Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required