{"id":"USN-3710-1","summary":"curl vulnerability","details":"Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A\nremote attacker could use this issue to cause curl to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n","modified":"2026-02-10T04:41:23Z","published":"2018-07-11T12:14:14Z","related":["UBUNTU-CVE-2018-0500"],"upstream":["CVE-2018-0500","UBUNTU-CVE-2018-0500"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3710-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-0500"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.58.0-2ubuntu3.2"}]}],"versions":["7.55.1-1ubuntu2","7.55.1-1ubuntu2.1","7.57.0-1ubuntu1","7.58.0-2ubuntu1","7.58.0-2ubuntu2","7.58.0-2ubuntu3","7.58.0-2ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl3-gnutls","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl3-nss","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl4","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl4-gnutls-dev","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl4-nss-dev","binary_version":"7.58.0-2ubuntu3.2"},{"binary_name":"libcurl4-openssl-dev","binary_version":"7.58.0-2ubuntu3.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-0500"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3710-1.json"}}],"schema_version":"1.7.3"}