VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3zfn-535d-mkbg

Essentials
Severities (26)
References (30)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3zfn-535d-mkbg
Aliases	CVE-2018-1000005
Summary	libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
Status	Published
Exploitability	0.5
Weighted Severity	8.2
Risk	4.1
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-126	Buffer Over-read
CWE-125	Out-of-bounds Read

System	Score	Found at
cvssv3	4.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
epss	0.00356	https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
cvssv3.1	Low	https://curl.se/docs/CVE-2018-1000005.html
cvssv2	6.4	https://nvd.nist.gov/vuln/detail/CVE-2018-1000005
cvssv3	9.1	https://nvd.nist.gov/vuln/detail/CVE-2018-1000005
archlinux	Medium	https://security.archlinux.org/AVG-593
archlinux	Medium	https://security.archlinux.org/AVG-594
archlinux	Medium	https://security.archlinux.org/AVG-595
archlinux	Medium	https://security.archlinux.org/AVG-596
archlinux	Medium	https://security.archlinux.org/AVG-597
archlinux	Medium	https://security.archlinux.org/AVG-598

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2019:1543
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-1000005
		https://curl.haxx.se/docs/adv_2018-824a.html
		https://curl.se/docs/CVE-2018-1000005.html
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
		https://github.com/curl/curl/pull/2231
		https://www.debian.org/security/2018/dsa-4098
		http://www.securitytracker.com/id/1040273
1536013		https://bugzilla.redhat.com/show_bug.cgi?id=1536013
ASA-201801-20		https://security.archlinux.org/ASA-201801-20
ASA-201801-22		https://security.archlinux.org/ASA-201801-22
ASA-201801-23		https://security.archlinux.org/ASA-201801-23
ASA-201801-24		https://security.archlinux.org/ASA-201801-24
ASA-201801-25		https://security.archlinux.org/ASA-201801-25
ASA-201801-26		https://security.archlinux.org/ASA-201801-26
AVG-593		https://security.archlinux.org/AVG-593
AVG-594		https://security.archlinux.org/AVG-594
AVG-595		https://security.archlinux.org/AVG-595
AVG-596		https://security.archlinux.org/AVG-596
AVG-597		https://security.archlinux.org/AVG-597
AVG-598		https://security.archlinux.org/AVG-598
cpe:2.3:a:haxx:libcurl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl::::::::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2018-1000005		https://nvd.nist.gov/vuln/detail/CVE-2018-1000005
USN-3554-1		https://usn.ubuntu.com/3554-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1000005

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1000005

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.55906
EPSS Score	0.00338
Published At	Aug. 10, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:31:15.445355+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.5/main.json	37.0.0