Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1000005

EPSS 0.36% · P59
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-1000005

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Haxx libcurl 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Haxx libcurl是瑞典Haxx公司的一个免费、开源的客户端URL传输库。该库支持FTP、FTPS、TFTP、HTTP等。 Haxx libcurl 7.49.0版本至7.57.0版本中的code handling HTTP/2 trailers存在安全漏洞。攻击者可利用该漏洞获取信息或造成拒绝服务(越边界读取或崩溃)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-1000005

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-1000005

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-01-24 · 35 CVEs total

CVE-2018-5978Facebook Style Php Ajax Chat Zechat SQL注入漏洞
CVE-2018-6018Match Group Tinder iOS app和Tinder Android app 安全漏洞
CVE-2017-1000475FreeSSHd 安全漏洞
CVE-2018-1000018ovirt-hosted-engine-setup 信息泄露漏洞
CVE-2017-18075Linux kernel 资源管理错误漏洞
CVE-2018-5969Photography CMS 跨站请求伪造漏洞
CVE-2018-5972Classified Ads CMS Quickad SQL注入漏洞
CVE-2018-5976RSVP Invitation Online 跨站请求伪造漏洞
CVE-2018-5977Affiligator Affiliate Webshop Management System SQL注入漏洞
CVE-2018-6017Match Group Tinder iOS app和Tinder Android app 安全漏洞
CVE-2018-5979Wchat Fully Responsive PHP AJAX Chat Script SQL注入漏洞
CVE-2018-5984Joomla! Tumder SQL注入漏洞
CVE-2018-5985Joomla! LiveCRM SaaS Cloud SQL注入漏洞
CVE-2018-5986Easy Car Script SQL注入漏洞
CVE-2018-5988Flexible Poll SQL注入漏洞
CVE-2018-6184ZEIT Next.js 路径遍历漏洞
CVE-2018-6187Artifex MuPDF 缓冲区错误漏洞
CVE-2018-6192Artifex MuPDF 安全漏洞
CVE-2017-1000503CloudBees Jenkins 竞争条件漏洞
CVE-2017-1000504CloudBees Jenkins 竞争条件漏洞

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-1000005

No comments yet

Leave a comment