CVE-2017-8818

Impact:
Moderate
Public Date:
2017-11-29
CWE:
CWE-125
Bugzilla:
1517691: CVE-2017-8818 curl: Out-of-bound access in SSL related cleanup code

The MITRE CVE dictionary describes this issue as:

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

Find out more about CVE-2017-8818 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux httpd24-curl Not affected
Red Hat Enterprise Linux 8 curl Not affected
Red Hat Enterprise Linux 7 curl Not affected
Red Hat Enterprise Linux 6 curl Not affected
Red Hat Enterprise Linux 5 curl Not affected
Red Hat Ceph Storage 2 curl Not affected
.NET Core 2.0 on Red Hat Enterprise Linux rh-dotnet20-curl Not affected
.NET Core 1.0 on Red Hat Enterprise Linux rh-dotnetcore10-curl Not affected
.NET Core 1.0 on Red Hat Enterprise Linux rh-dotnetcore11-curl Not affected

Acknowledgements

Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges John Schoenick as the original reporter.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation