CVE Number – CVE-2018-1000121
A vulnerability in cURL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists in the ldap_get_attribute_ber() function, and is due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by causing a null pointer dereference on an affected system. A successful exploit could cause the affected software to stop responding, resulting in a DoS condition.
The cURL Project has confirmed this vulnerability and released software updates.
To exploit this vulnerability, the attacker may need to access trusted internal networks. This access requirement could reduce the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access network systems.
Administrators are advised to monitor affected systems.
The cURL Project has released a security advisory at the following link: LDAP NULL pointer dereference
The cURL Project has released a software patch at the following link: cURL v7.59.0
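An added example, not part of the advisory or of the cURL Project's code: a shell check that reads `curl --version` output and reports whether the libcurl behind it is older than 7.59.0 and built with LDAP support. The function names, result labels and sample outputs are constructed for illustration, and treating every release before 7.59.0 as needing the update is an assumption, since the advisory gives no lower bound.

```shell
#!/bin/sh
# Added example: flag libcurl builds older than the fixed release that can speak LDAP.
FIXED_VERSION="7.59.0"   # fixed release named in the advisory

# Constructed `curl --version` samples (not captured from real hosts).
SAMPLE_OLD_LDAP='curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11
Protocols: dict file ftp ftps http https ldap ldaps smtp smtps
Features: IPv6 Largefile SSL libz'
SAMPLE_OLD_NO_LDAP='curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g
Protocols: file ftp ftps http https
Features: IPv6 Largefile SSL'
SAMPLE_FIXED='curl 7.59.0 (x86_64-pc-linux-gnu) libcurl/7.59.0 OpenSSL/1.1.0h zlib/1.2.11
Protocols: dict file ftp ftps http https ldap ldaps smtp smtps
Features: IPv6 Largefile SSL libz'

# version_lt A B: succeed when dotted version A is strictly older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# assess_curl TEXT: classify `curl --version` output (labels are hypothetical).
assess_curl() {
    # The first line carries "libcurl/<version>"; the Protocols line lists URL schemes.
    ver=$(printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: //p')
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo "fixed"; return 0; fi
    case " $protos " in
        *" ldap "*|*" ldaps "*) echo "needs-update" ;;   # old and LDAP-capable
        *) echo "old-no-ldap" ;;                         # old, LDAP not built in
    esac
}

if [ "${1:-}" = "--local" ]; then
    assess_curl "$(curl --version)"      # inspect the curl on this host
else
    for s in "$SAMPLE_OLD_LDAP" "$SAMPLE_OLD_NO_LDAP" "$SAMPLE_FIXED"; do
        assess_curl "$s"                 # demo run over the constructed samples
    done
fi
```

Run it with `--local` to classify the curl installed on the current host.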