Search for packages
| purl | pkg:alpm/archlinux/curl@7.60.0-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pzuz-3b4a-a3hn
Aliases: CVE-2018-0500 |
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gxy3-42ff-6bf8 | curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. |
CVE-2018-1000300
|
| VCID-ze2y-dwjd-jfa8 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
CVE-2018-1000301
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T11:37:05.249685+00:00 | Arch Linux Importer | Affected by | VCID-pzuz-3b4a-a3hn | https://security.archlinux.org/AVG-729 | 37.0.0 |
| 2025-07-31T11:35:24.074136+00:00 | Arch Linux Importer | Fixing | VCID-gxy3-42ff-6bf8 | https://security.archlinux.org/AVG-694 | 37.0.0 |
| 2025-07-31T11:35:24.047285+00:00 | Arch Linux Importer | Fixing | VCID-ze2y-dwjd-jfa8 | https://security.archlinux.org/AVG-694 | 37.0.0 |