{"id":"CURL-CVE-2018-1000121","summary":"LDAP NULL pointer dereference","details":"curl might dereference a near-NULL address when getting an LDAP URL.\n\nThe function `ldap_get_attribute_ber()` is called to get attributes, but it\nturns out that it can return `LDAP_SUCCESS` and still return a `NULL` pointer\nin the result pointer when getting a particularly crafted response. This was a\nsurprise to us and to the code.\n\nlibcurl-using applications that allow LDAP URLs, or that allow redirects to\nLDAP URLs could be made to crash by a malicious server.","aliases":["CVE-2018-1000121"],"modified":"2026-04-25T20:38:46.972507Z","published":"2018-03-14T08:00:00Z","database_specific":{"CWE":{"id":"CWE-476","desc":"NULL Pointer Dereference"},"severity":"Low","package":"curl","last_affected":"7.58.0","www":"https://curl.se/docs/CVE-2018-1000121.html","affects":"both","URL":"https://curl.se/docs/CVE-2018-1000121.json"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.21.0"},{"fixed":"7.59.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"2e056353b00d0944bdb2f8e948cc40a4dc0f3dfb"},{"fixed":"9889db043393092e9d4b5a42720bba0b3d58deba"}]}],"versions":["7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2018-1000121.json","vanir_signatures_modified":"2026-04-25T20:38:46Z","vanir_signatures":[{"source":"https://github.com/curl/curl.git/commit/9889db043393092e9d4b5a42720bba0b3d58deba","signature_version":"v1","target":{"function":"ldap_recv","file":"lib/openldap.c"},"digest":{"length":4592,"function_hash":"328887416578178214306654622421626785268"},"id":"CURL-CVE-2018-1000121-ab1e9bb3","signature_type":"Function","deprecated":false},{"source":"https://github.com/curl/curl.git/commit/9889db043393092e9d4b5a42720bba0b3d58deba","signature_version":"v1","target":{"file":"lib/openldap.c"},"digest":{"line_hashes":["66058308195053059303831184805157800240","208522381284363225235985548495567561267","180384795194571577937512636606419807899","116950588264124085603154233862740494801","318624911198468198367229108116250639555","238016220396618899894483569339603354701","36496125730363765297620715070526551016","95658113234756168716412665952919080209","187721295413051310410400220050223779294","266033551554067307004414137609620697488"],"threshold":0.9},"id":"CURL-CVE-2018-1000121-e2a14c76","signature_type":"Line","deprecated":false}]}}],"schema_version":"1.7.5","credits":[{"name":"Dario Weisser","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}