suse · CVE-2018-0500

Quick triage

Priority: high Published: 2021-05-30 14:06:36 UTC Updated: 2026-04-17 15:44:57 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-0500 severity important: SUSE including 348 source package names (0.1.0:libcurl4-7.60.0-3.6.4, 0.1.75:libcurl4-7.60.0-3.6.4, …), 417 product×package rows across 89 product lines (Container caasp/v4/389-ds, Container caasp/v4/busybox, … (89 product lines)): Fixed 212, Known Affected 157, Known Not Affected 48.

Description:

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

cvelogic Threat Intelligence