cURL LDAP URL Processing Null Pointer Dereference Remote Denial of Service Vulnerability [CVE-2018-1000121]
CVE Number – CVE-2018-1000121
A vulnerability in cURL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists in the ldap_get_attribute_ber() function, and is due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by causing a null pointer dereference on an affected system. A successful exploit could cause the affected software to stop responding, resulting in a DoS condition.
The cURL Project has confirmed this vulnerability and released software updates.
-
To exploit this vulnerability, the attacker may need to access trusted internal networks. This access requirement could reduce the likelihood of a successful exploit.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access network systems.
Administrators are advised to monitor affected systems.
-
The cURL Project has released a security advisory at the following link: LDAP NULL pointer dereference
-
The cURL Project has released a software patch at the following link: cURL v7.59.0
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.