PublicDateAtUSN: 2018-03-14
Candidate: CVE-2018-1000120
CRD: 2018-03-14
PublicDate: 2018-03-14 18:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
 https://curl.haxx.se/docs/adv_2018-9cd6.html
 https://ubuntu.com/security/notices/USN-3598-1
 https://ubuntu.com/security/notices/USN-3598-2
Description:
 A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the
 FTP URL handling that allows an attacker to cause a denial of service or
 worse.
Ubuntu-Description: 
Notes: 
 mdeslaur> introduced by https://github.com/curl/curl/commit/6e1e9caa32da0995
Bugs: 
Priority: medium
Discovered-by: Phan Thanh
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_curl:
 upstream: https://github.com/curl/curl/commit/535432c0adb62fe167ec09621500470b6fa4eb0f
upstream_curl: released (7.59.0)
precise/esm_curl: released (7.22.0-3ubuntu4.21)
trusty_curl: released (7.35.0-1ubuntu2.15)
trusty/esm_curl: released (7.35.0-1ubuntu2.15)
xenial_curl: released (7.47.0-1ubuntu2.7)
esm-infra/xenial_curl: released (7.47.0-1ubuntu2.7)
artful_curl: released (7.55.1-1ubuntu2.4)
bionic_curl: released (7.58.0-2ubuntu3)
devel_curl: released (7.58.0-2ubuntu3)