You are here

Home › Curl: Vulnerability fixed in Version 7.58.0

Curl: Vulnerability fixed in Version 7.58.0

Submitted on 29. January 2018 - 11:18 by rischi.
Last update on 30. January 2018 - 9:30.
IDs: 
CVE-2018-1000005, CVE-2018-1000007
Keywords: 
curl
Description: 

Curl version 7.58.0 fixes two vulnerabilities [1].

No action required for Airlock WAF

Details:

  • CVE-2018-1000007: HTTP authentication leak in redirects. Not relevant for Airlock WAF because redirects from back-ends are not handled by the WAF.
  • CVE-2018-1000005: Out-of-bounds read in HTTP/2 trailers. Not relevant for Airlock WAF because libcurl is not compiled with HTTP/2 support. Airlock WAF supports HTTP/2 for front-side connections where curl is not used.
Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
[1] Vulnerabilities in curl 7.57.0
© Ergon Informatik AG