VulnerableCode Package Details - pkg:alpm/archlinux/libcurl-gnutls@7.59.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-gxy3-42ff-6bf8 Aliases: CVE-2018-1000300	curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.	7.60.0-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ze2y-dwjd-jfa8 Aliases: CVE-2018-1000301	curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.	7.60.0-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gxy3-42ff-6bf8
Aliases:
CVE-2018-1000300

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

7.60.0-1
Affected by 1 other vulnerability.

VCID-ze2y-dwjd-jfa8
Aliases:
CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

7.60.0-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-3hax-q2kc-eye5	A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.	CVE-2018-1000120 GHSA-674j-7m97-j2p9
VCID-64ub-z1u6-u3ht	A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service	CVE-2018-1000121
VCID-tuju-mv12-pugm	A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage	CVE-2018-1000122

Vulnerability

Summary

Aliases

VCID-3hax-q2kc-eye5

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

CVE-2018-1000120
GHSA-674j-7m97-j2p9

VCID-64ub-z1u6-u3ht

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

CVE-2018-1000121

VCID-tuju-mv12-pugm

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

CVE-2018-1000122

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:38:16.839167+00:00	Arch Linux Importer	Fixing	VCID-3hax-q2kc-eye5	https://security.archlinux.org/AVG-661	37.0.0
2025-07-31T11:38:16.811264+00:00	Arch Linux Importer	Fixing	VCID-64ub-z1u6-u3ht	https://security.archlinux.org/AVG-661	37.0.0
2025-07-31T11:38:16.784580+00:00	Arch Linux Importer	Fixing	VCID-tuju-mv12-pugm	https://security.archlinux.org/AVG-661	37.0.0
2025-07-31T11:35:23.770893+00:00	Arch Linux Importer	Affected by	VCID-gxy3-42ff-6bf8	https://security.archlinux.org/AVG-699	37.0.0
2025-07-31T11:35:23.740452+00:00	Arch Linux Importer	Affected by	VCID-ze2y-dwjd-jfa8	https://security.archlinux.org/AVG-699	37.0.0