CURL-CVE-2018-1000005

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2018-1000005.html
Import Source
https://curl.se/docs/CURL-CVE-2018-1000005.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2018-1000005
Aliases
Published
2018-01-24T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
HTTP/2 trailer out-of-bounds read
Details

libcurl contains an out bounds read in code handling HTTP/2 trailers.

It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required.

The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like ":" to the target buffer, while this was recently changed to ": " (a space was added after the colon) but the associated math was not updated correspondingly.

When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to the libcurl callback. This might lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

Database specific 
{
    "CWE": {
        "id": "CWE-126",
        "desc": "Buffer Over-read"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2018-1000005.json",
    "severity": "Low",
    "www": "https://curl.se/docs/CVE-2018-1000005.html",
    "last_affected": "7.57.0"
}
References
Credits
    • Zhouyihai Ding - FINDER
    • Zhouyihai Ding - REMEDIATION_DEVELOPER
    • Ray Satiro - OTHER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.49.0
Fixed
7.58.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
0761a51ee0551ad9e523cbdba24ce00d22fff9c1
Fixed
fa3dbb9a147488a2943bda809c66fc497efe06cb

Affected versions

7.*

7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0