cURL LDAP URL Processing Null Pointer Dereference Remote Denial of Service Vulnerability [CVE-2018-1000121]

CVE Number – CVE-2018-1000121

A vulnerability in cURL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the ldap_get_attribute_ber() function, and is due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by causing a null pointer dereference on an affected system. A successful exploit could cause the affected software to stop responding, resulting in a DoS condition.

The cURL Project has confirmed this vulnerability and released software updates.

Analysis
  • To exploit this vulnerability, the attacker may need to access trusted internal networks. This access requirement could reduce the likelihood of a successful exploit.

Safeguards
  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to access network systems.
  • Administrators are advised to monitor affected systems.

Vendor Announcements
Fixed Software
  • The cURL Project has released a software patch at the following link: cURL v7.59.0
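
As an added example (not part of the original advisory or the cURL Project's code), the script below classifies `curl --version` output against the fixed release 7.59.0 named above and flags builds that are older and list LDAP among their protocols. The function names, result labels and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag libcurl builds older than the fixed release with LDAP enabled.
FIXED_VERSION="7.59.0"   # fixed release named in the advisory

# Constructed sample of `curl --version` output (not captured from a real host).
SAMPLE_OLD='curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11
Protocols: dict file ftp ftps http https ldap ldaps smtp
Features: IPv6 Largefile SSL libz'

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# classify_curl TEXT: TEXT is the output of `curl --version`.
# Prints one of: review, no-ldap, fixed, unknown.
classify_curl() {
    # libcurl does the LDAP work, so use its version, not the tool's.
    ver=$(printf '%s\n' "$1" |
          sed -n 's/.*libcurl\/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: *//p')
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo fixed
    elif printf '%s\n' "$protos" | tr ' ' '\n' | grep -Eqi '^ldaps?$'; then
        echo review      # older than the fix and able to process LDAP URLs
    else
        echo no-ldap     # older, but built without LDAP support
    fi
}

echo "constructed sample: $(classify_curl "$SAMPLE_OLD")"
if command -v curl >/dev/null 2>&1; then
    echo "local curl: $(classify_curl "$(curl --version)")"
fi
```

Distribution packages can carry a backported fix without changing the version string, so a `review` result is a prompt to check the vendor changelog, not confirmation that the build is vulnerable.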





Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
