Curl: Vulnerability fixed in Version 7.59.0

IDs: 
CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120
Keywords: 
curl
Description: 

Curl version 7.59.0 fixes three vulnerabilities [1].

No action required for Airlock WAF

Details:

  • CVE-2018-1000122: RTSP RTP buffer over-read. Not relevant for Airlock WAF because RTSP is not used.
  • CVE-2018-1000121: LDAP NULL pointer dereference. Not relevant for Airlock WAF because LDAP is not used.
  • CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write. FTP in curl can be used to fetch CRLs on Airlock WAF [2]. The vulnerability is not relevant for Airlock WAF because the affected parameter "--ftp-method singlecwd" is not used.
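
The same applicability check for CVE-2018-1000120 can be run against other hosts that ship curl. The sketch below is an added example, not Airlock code: it flags curl command lines that pass `--ftp-method singlecwd` when the installed curl is older than 7.59.0. The banner, host names and paths are constructed sample input, and the function names are hypothetical.

```python
import os
import re
import shlex

FIXED = (7, 59, 0)  # first fixed curl release, per this advisory

# Constructed sample input, not taken from any real system.
SAMPLE_BANNER = "curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g"
SAMPLE_COMMANDS = [
    "curl -s -o /tmp/ca.crl ftp://crl.example.invalid/pki/ca.crl",
    "/usr/bin/curl --ftp-method singlecwd -o /tmp/ca.crl ftp://crl.example.invalid/pki/ca.crl",
    "curl --ftp-method nocwd ftp://crl.example.invalid/pki/ca.crl",
    "echo 'curl --ftp-method singlecwd'",
]


def parse_curl_version(banner):
    """Return (major, minor, patch) from the first line of `curl --version`."""
    match = re.match(r"curl (\d+)\.(\d+)\.(\d+)", banner)
    if not match:
        raise ValueError("not a curl version banner: %r" % banner)
    return tuple(int(part) for part in match.groups())


def uses_singlecwd(command):
    """True if `command` runs curl with `--ftp-method singlecwd`."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return False  # unbalanced quotes: cannot tokenize, review by hand
    if not argv or os.path.basename(argv[0]) != "curl":
        return False
    # The value is lower-cased so that a differently cased spelling is
    # still flagged (a deliberately conservative match).
    return any(opt == "--ftp-method" and val.lower() == "singlecwd"
               for opt, val in zip(argv, argv[1:]))


def exposed_commands(banner, commands):
    """Commands that matter for CVE-2018-1000120 on this curl build."""
    if parse_curl_version(banner) >= FIXED:
        return []  # 7.59.0 or later already contains the fix
    return [cmd for cmd in commands if uses_singlecwd(cmd)]


if __name__ == "__main__":
    for cmd in exposed_commands(SAMPLE_BANNER, SAMPLE_COMMANDS):
        print("review:", cmd)
```

It only covers command lines that start with the curl binary; curl config files and wrappers such as `sudo` need a separate pass.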
Resolution: 

No action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required