{"id":"USN-3554-1","summary":"curl vulnerabilities","details":"It was discovered that curl incorrectly handled certain data. An attacker\ncould possibly use this to cause a denial of service or even to get access\nto sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n\nIt was discovered that curl could accidentally leak authentication data.\nAn attacker could possibly use this to get access to sensitive information.\n(CVE-2018-1000007)\n","modified":"2026-04-22T09:45:01.186121Z","published":"2018-01-31T22:17:35Z","related":["UBUNTU-CVE-2018-1000005","UBUNTU-CVE-2018-1000007"],"upstream":["CVE-2018-1000005","CVE-2018-1000007","UBUNTU-CVE-2018-1000005","UBUNTU-CVE-2018-1000007"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3554-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1000005"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1000007"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.14?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.35.0-1ubuntu2.14"}]}],"versions":["7.32.0-1ubuntu1","7.33.0-1ubuntu1","7.34.0-1ubuntu1","7.35.0-1ubuntu1","7.35.0-1ubuntu2","7.35.0-1ubuntu2.1","7.35.0-1ubuntu2.2","7.35.0-1ubuntu2.3","7.35.0-1ubuntu2.5","7.35.0-1ubuntu2.6","7.35.0-1ubuntu2.7","7.35.0-1ubuntu2.8","7.35.0-1ubuntu2.9","7.35.0-1ubuntu2.10","7.35.0-1ubuntu2.11","7.35.0-1ubuntu2.12","7.35.0-1ubuntu2.13"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.35.0-1ubuntu2.14","binary_name":"curl"},{"binary_version":"7.35.0-1ubuntu2.14","binary_name":"libcurl3"},{"binary_version":"7.35.0-1ubuntu2.14","binary_name":"libcurl3-gnutls"},{"binary_version":"7.35.0-1ubuntu2.14","binary_name":"libcurl3-nss"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-1000007"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3554-1.json"}},{"package":{"name":"curl","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.47.0-1ubuntu2.6"}]}],"versions":["7.43.0-1ubuntu2","7.45.0-1ubuntu1","7.46.0-1ubuntu1","7.47.0-1ubuntu1","7.47.0-1ubuntu2","7.47.0-1ubuntu2.1","7.47.0-1ubuntu2.2","7.47.0-1ubuntu2.3","7.47.0-1ubuntu2.4","7.47.0-1ubuntu2.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.47.0-1ubuntu2.6","binary_name":"curl"},{"binary_version":"7.47.0-1ubuntu2.6","binary_name":"libcurl3"},{"binary_version":"7.47.0-1ubuntu2.6","binary_name":"libcurl3-gnutls"},{"binary_version":"7.47.0-1ubuntu2.6","binary_name":"libcurl3-nss"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-1000005"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-1000007"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3554-1.json"}}],"schema_version":"1.7.5"}