CVE-2018-1000120
Description
A buffer overflow in curl's FTP URL handling (7.12.3 through 7.58.0) allows attackers to cause denial of service or potentially execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow vulnerability exists in curl versions 7.12.3 through and including 7.58.0 in the FTP URL handling code. The flaw occurs when curl processes specially crafted FTP URLs, leading to an out-of-bounds write via a NUL byte overflow. The affected versions are those listed in the description and confirmed by Red Hat errata [1][2].
Exploitation
An attacker must be able to make a victim or automated process using curl (or libcurl) connect to a malicious FTP server, or inject a crafted FTP URL into a request. No special privileges or authentication are required beyond network access to trigger the vulnerability. The attacker controls the FTP path to induce a NUL byte out-of-bounds write [2].
Impact
Successful exploitation can cause a denial of service (crash) due to the buffer overflow, or potentially lead to arbitrary code execution depending on the memory layout and mitigations. The CVSS base score provided by Red Hat is moderate, indicating the risk of information disclosure, crashes, or code execution under certain conditions [2].
Mitigation
Red Hat released patched versions of curl for Red Hat Enterprise Linux 7 (via RHSA-2018:3157) and for Red Hat Software Collections (via RHSA-2018:3558) that update curl to version 7.61.1 or later, which includes the fix [1][2]. Users should upgrade to the fixed curl version or apply the relevant patches. No workarounds are documented in the available references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| curl (NuGet) | >= 7.12.3 | — |
Affected products
- pkg:nuget/curl (no CPE): >= 7.12.3
- pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed (no CPE): < 7.79.1-1.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE): < 7.37.0-37.17.1
- pkg:rpm/suse/curl&distro=SUSE%20Studio%20Onsite%201.3 (no CPE): < 7.19.7-1.20.53.16.1
- pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE): < 7.37.0-70.27.1
- pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY (no CPE): < 7.37.0-70.27.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/errata/RHBA-2019:0327 (Red Hat advisory)
- access.redhat.com/errata/RHSA-2018:3157 (Red Hat advisory)
- access.redhat.com/errata/RHSA-2018:3558 (Red Hat advisory)
- access.redhat.com/errata/RHSA-2019:1543 (Red Hat advisory)
- access.redhat.com/errata/RHSA-2020:0544 (Red Hat advisory)
- access.redhat.com/errata/RHSA-2020:0594 (Red Hat advisory)
- github.com/advisories/GHSA-674j-7m97-j2p9 (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-1000120 (NVD entry)
- usn.ubuntu.com/3598-1/ (Ubuntu advisory)
- usn.ubuntu.com/3598-2/ (Ubuntu advisory)
- www.debian.org/security/2018/dsa-4136 (Debian advisory)
- lists.debian.org/debian-lts-announce/2018/03/msg00012.html (Debian LTS announcement)
- curl.haxx.se/docs/adv_2018-9cd6.html (curl project advisory)
- curl.se/docs/CVE-2018-1000120.html (curl project advisory)
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (Oracle advisory)
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Oracle advisory)
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (Oracle advisory)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Oracle advisory)
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (Oracle advisory)
- www.securityfocus.com/bid/103414 (SecurityFocus BID)
- web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414 (archived SecurityFocus BID)
- www.securitytracker.com/id/1040531 (SecurityTracker entry)
- web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531 (archived SecurityTracker entry)
News mentions
No linked articles in our index yet.