CVE-2018-1000122

Public on 2018-04-19
Modified on 2019-01-09
Description
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
Severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 curl 2018-04-19 04:55 ALAS2-2018-995
Amazon Linux 2 nss-pem 2019-01-07 21:51 ALAS2-2019-1139
Amazon Linux 1 curl 2018-04-19 04:56 ALAS-2018-995

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
NVD CVSSv2 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P
NVD CVSSv3 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H