VYPR
Unrated severity · NVD Advisory · Published Jan 24, 2018 · Updated Aug 5, 2024

CVE-2018-1000005


Description

libcurl 7.49.0-7.57.0 has an out-of-bounds read in HTTP/2 trailer handling, leading to DoS or information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

libcurl versions 7.49.0 through 7.57.0 inclusive contain an out-of-bounds read in the code handling HTTP/2 trailers. The code that builds HTTP/1-style header lines from HTTP/2 trailer data had been changed to append ": " (colon and space) where it previously appended ":", but the length arithmetic for the stored line was not updated to match, so each stored size came out one byte short of the data actually written. When the trailers are later read back using those sizes, the read runs beyond the allocated memory. [1][3]

Exploitation

An attacker who controls, or can impersonate, the HTTP/2 server a vulnerable libcurl client connects to triggers the bug simply by sending a response that carries trailers. No authentication or user interaction is required beyond making the client fetch a URL from that server, so any application built on an affected libcurl with HTTP/2 enabled is exposed. The out-of-bounds read can crash the client or hand an oversized chunk of memory to the application's write callback. [3][4]
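The off-by-one behind the Vulnerability and Exploitation sections above, as an added illustration that is not libcurl's code and is not taken from commit fa3dbb9a: a simplified C model of a receive buffer holding length-prefixed HTTP/1-style trailer lines, with the length arithmetic written once as the advisory describes the defect (budgeting for ":" while writing ": ") and once corrected. The length-prefixed record layout, the buffer helper and the names add_trailer, deliver_trailers and run are assumptions made for this example; the two trailers are constructed input, not captured traffic. Rather than reading past the buffer, the walker stops and reports how far the next read would have gone.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable byte buffer standing in for a per-stream trailer receive buffer.
 * Its writes are bounds-checked; the defect modelled below is in the length
 * bookkeeping stored inside it, not in the buffer itself. */
struct buf { unsigned char *p; size_t len, cap; };

static int buf_add(struct buf *b, const void *d, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < b->len + n) ncap *= 2;
        unsigned char *np = realloc(b->p, ncap);
        if (!np)
            return -1;
        b->p = np;
        b->cap = ncap;
    }
    memcpy(b->p + b->len, d, n);
    b->len += n;
    return 0;
}

/* Store one HTTP/2 trailer as an HTTP/1-style line "name: value\r\n",
 * prefixed with its length so a later pass can hand each line to the
 * client's header callback (assumed layout). vulnerable=1 reproduces the
 * arithmetic the advisory describes: the length still budgets 3 bytes for
 * ":" plus "\r\n" although ": " is written, so each record is one byte short. */
static int add_trailer(struct buf *b, const char *name, const char *value,
                       int vulnerable)
{
    size_t namelen = strlen(name), valuelen = strlen(value);
    uint32_t n = (uint32_t)(namelen + valuelen + (vulnerable ? 3 : 4));
    if (buf_add(b, &n, sizeof n) || buf_add(b, name, namelen) ||
        buf_add(b, ": ", 2) || buf_add(b, value, valuelen) ||
        buf_add(b, "\r\n", 2))
        return -1;
    return 0;
}

/* Walk the records trusting the stored lengths, as a consumer feeding a
 * write callback would. Instead of actually reading past the buffer it
 * stops and reports how far past the end the next read would have gone.
 * Returns the number of records handed out before that point. */
static int deliver_trailers(const struct buf *b, size_t *oob_bytes)
{
    size_t off = 0;
    int delivered = 0;
    *oob_bytes = 0;
    while (b->len - off >= sizeof(uint32_t)) {
        uint32_t n;
        memcpy(&n, b->p + off, sizeof n);
        off += sizeof n;
        if (n > b->len - off) {               /* this is the over-read */
            *oob_bytes = n - (b->len - off);
            return delivered;
        }
        printf("  record %d: %u bytes, ends with LF: %s\n", delivered + 1,
               (unsigned)n, (n && b->p[off + n - 1] == '\n') ? "yes" : "no");
        off += n;
        delivered++;
    }
    return delivered;
}

/* Two constructed trailers (not captured traffic) pushed through the path. */
static int run(int vulnerable, size_t *oob_bytes)
{
    struct buf b = { NULL, 0, 0 };
    int delivered = -1;
    *oob_bytes = 0;
    if (!add_trailer(&b, "X-Checksum", "abc", vulnerable) &&
        !add_trailer(&b, "X-Status", "ok", vulnerable))
        delivered = deliver_trailers(&b, oob_bytes);
    free(b.p);
    return delivered;
}

int records_delivered(int vulnerable) { size_t oob; return run(vulnerable, &oob); }
size_t overread_bytes(int vulnerable) { size_t oob; run(vulnerable, &oob); return oob; }

int main(void)
{
    size_t oob;
    int n;
    printf("vulnerable bookkeeping (+3):\n");
    n = run(1, &oob);
    printf("  -> %d of 2 delivered, next read %zu bytes past the buffer\n", n, oob);
    printf("fixed bookkeeping (+4):\n");
    n = run(0, &oob);
    printf("  -> %d of 2 delivered, next read %zu bytes past the buffer\n", n, oob);
    return 0;
}
```

With the vulnerable arithmetic the first trailer is delivered one byte short (the CR without its LF), and the walker then picks up the next length field from an offset one byte too early, where the leftover LF and the real length bytes combine into a large bogus size. That bogus size is what carries the read beyond the allocation and, in a real client, an oversized chunk into the write callback; with the corrected arithmetic both records are delivered intact and the walk ends exactly at the end of the buffer.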

Impact

Successful exploitation causes a denial of service (crash) or possible information disclosure if the application echoes back or otherwise processes the trailer data it receives. The curl project rates the severity as Low, whereas Red Hat rated it Important. [1][3]

Mitigation

The vulnerability is fixed in libcurl 7.58.0. Upgrade to 7.58.0 or later, or apply the patch from commit fa3dbb9a to an older version and rebuild. Red Hat issued RHSA-2019:1543 for affected products, and Ubuntu published USN-3554-1; distribution packages may carry the fix without a version bump, so check the package changelog rather than the version string alone. No workaround is listed in the references; since the vulnerable code is only reached over HTTP/2, an application that cannot upgrade immediately can avoid it by restricting libcurl to HTTP/1.1 (CURLOPT_HTTP_VERSION set to CURL_HTTP_VERSION_1_1) until it does. [1][2][3]
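A version check a practitioner can drop into an audit script, added here as an example rather than tooling from the curl project or from the advisory's references. It packs a version string the way libcurl's own LIBCURL_VERSION_NUM macro does (0xXXYYZZ for XX.YY.ZZ) and tests it against the affected range 7.49.0 through 7.57.0 given above; the function names and the sample strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Same packing as libcurl's LIBCURL_VERSION_NUM: 0xXXYYZZ for XX.YY.ZZ. */
#define VNUM(maj, min, pat) (((long)(maj) << 16) | ((long)(min) << 8) | (long)(pat))

/* Affected range from the advisory: 7.49.0 through 7.57.0, fixed in 7.58.0. */
#define CVE_2018_1000005_FIRST VNUM(7, 49, 0)   /* 0x073100 */
#define CVE_2018_1000005_LAST  VNUM(7, 57, 0)   /* 0x073900 */
#define CVE_2018_1000005_FIXED VNUM(7, 58, 0)   /* 0x073A00 */

/* Parse "X.Y.Z" with an optional "-suffix", the form found in
 * curl_version_info(CURLVERSION_NOW)->version and in `curl --version`.
 * Returns the packed number, or -1 for anything malformed, so that a
 * garbled string is never mistaken for a safe version. */
long parse_version_num(const char *s)
{
    unsigned maj, min, pat;
    int used = 0;
    if (sscanf(s, "%u.%u.%u%n", &maj, &min, &pat, &used) != 3 || used == 0)
        return -1;
    if (s[used] != '\0' && s[used] != '-')
        return -1;
    if (maj > 255 || min > 255 || pat > 255)
        return -1;
    return VNUM(maj, min, pat);
}

/* 1 = version number inside the affected range, 0 = outside it,
 * -1 = cannot tell: unparseable, or a "-DEV" git snapshot whose number does
 * not say whether commit fa3dbb9a is in it. A distribution build that
 * backported the fix without changing the version (the RHSA/USN packages)
 * still reports 1; confirm those from the package changelog instead. */
int libcurl_affected_by_cve_2018_1000005(const char *version)
{
    long v = parse_version_num(version);
    if (v < 0 || strstr(version, "-DEV"))
        return -1;
    return (v >= CVE_2018_1000005_FIRST && v <= CVE_2018_1000005_LAST) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample strings, not output collected from any real host. */
    static const char *samples[] = { "7.48.0", "7.49.0", "7.57.0", "7.58.0",
                                     "7.58.0-DEV", "8.4.0", "curl" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = libcurl_affected_by_cve_2018_1000005(samples[i]);
        printf("%-12s %s\n", samples[i],
               r == 1 ? "AFFECTED" : r == 0 ? "not affected" : "unknown");
    }
    return 0;
}
```

The check deliberately returns an "unknown" result for anything it cannot classify: a version string that fails to parse, and development snapshots, whose version number alone says nothing about whether the fix is present. Treat "unknown" and "affected" the same way in an audit, and remember that a backported distribution fix clears the vulnerability without clearing this check.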

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE: the mechanics section is only generated when the actual fix diff can be read. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 6

News mentions: 0

No linked articles in our index yet.