{"id":"CURL-CVE-2018-1000121","summary":"LDAP NULL pointer dereference","details":"curl might dereference a near-NULL address when getting an LDAP URL.\n\nThe function `ldap_get_attribute_ber()` is called to get attributes, but it\nturns out that it can return `LDAP_SUCCESS` and still return a `NULL` pointer\nin the result pointer when getting a particularly crafted response. This was a\nsurprise to us and to the code.\n\nlibcurl-using applications that allow LDAP URLs, or that allow redirects to\nLDAP URLs could be made to crash by a malicious server.","aliases":["CVE-2018-1000121"],"modified":"2026-05-21T06:00:28.730224391Z","published":"2018-03-14T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2018-1000121.json","affects":"both","CWE":{"desc":"NULL Pointer Dereference","id":"CWE-476"},"last_affected":"7.58.0","severity":"Low","www":"https://curl.se/docs/CVE-2018-1000121.html","package":"curl"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.21.0"},{"fixed":"7.59.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"2e056353b00d0944bdb2f8e948cc40a4dc0f3dfb"},{"fixed":"9889db043393092e9d4b5a42720bba0b3d58deba"}]}],"versions":["7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","curl-7_58_0","curl-7_57_0","curl-7_56_1","curl-7_56_0","curl-7_55_1","curl-7_55_0","curl-7_54_1","curl-7_54_0","curl-7_53_1","curl-7_53_0","curl-7_52_1","curl-7_52_0","curl-7_51_0","curl-7_50_3","curl-7_50_2","curl-7_50_1","curl-7_50_0","curl-7_49_1","curl-7_49_0","curl-7_48_0","curl-7_47_1","curl-7_47_0","curl-7_46_0","curl-7_45_0","curl-7_44_0","curl-7_43_0","curl-7_42_1","curl-7_42_0","curl-7_41_0","curl-7_40_0","curl-7_39_0","curl-7_38_0","curl-7_37_1","curl-7_37_0","curl-7_36_0","curl-7_35_0","curl-7_34_0","curl-7_33_0","curl-7_32_0","curl-7_31_0","curl-7_30_0","curl-7_29_0","curl-7_28_1","curl-7_28_0","curl-7_27_0","curl-7_26_0","curl-7_25_0","curl-7_24_0","curl-7_23_1","curl-7_23_0","curl-7_22_0","curl-7_21_7","curl-7_21_6","curl-7_21_5","curl-7_21_4","curl-7_21_3","curl-7_21_2","curl-7_21_1","curl-7_21_0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2018-1000121.json"}}],"schema_version":"1.7.5","credits":[{"name":"Dario Weisser","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}