
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code

Open hucarxiao opened this issue 1 year ago • 0 comments

Version: latest

What is the security issue or vulnerability?

curl/curl/lib/openldap.c: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.

Starting from line 446: struct berval bv, *bvals, **bvp = &bvals;

Security issue or vulnerability information description: https://nvd.nist.gov/vuln/detail/CVE-2018-1000121

Commit: https://github.com/curl/curl/commit/9889db043393092e9d4b5a42720bba0b3d58deba

Could you apply for another new CVE and fix it?

openldap: check ldap_get_attribute_ber() results for NULL before using

https://github.com/advisories/GHSA-cj5p-4f7c-6w3g

Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html

hucarxiao, Dec 15 '23 03:12
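The check named in the commit title above, shown as an added example that is not part of the issue and is not curl's code: an attribute loop that skips an attribute whose value array comes back NULL instead of indexing it. `mock_get_attr`, `count_values` and the sample entry are hypothetical and constructed here; only the `bv`, `bvals`, `bvp` declaration mirrors the line quoted in the issue.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for OpenLDAP's struct berval (length + data pointer). */
struct berval { size_t bv_len; char *bv_val; };

/* Constructed sample entry: "cn" has one value, "description" has none. */
static char cn[] = "cn", desc[] = "description", alice[] = "alice";
static struct berval cn_vals[] = { {5, alice}, {0, NULL} };
static struct { struct berval name; struct berval *vals; } sample[] = {
  { {2, cn}, cn_vals },
  { {11, desc}, NULL },  /* attribute present, value array absent */
};

/* Hypothetical mock of ldap_get_attribute_ber(): returns 0 and fills in the
   attribute name and value array, or returns 1 when no attribute is left. */
static int mock_get_attr(size_t idx, struct berval *bv, struct berval **bvp)
{
  if(idx >= sizeof(sample) / sizeof(sample[0]))
    return 1;
  *bv = sample[idx].name;
  *bvp = sample[idx].vals;  /* may be NULL even on success */
  return 0;
}

/* Count all values in the entry; *attrs receives the attribute count. */
int count_values(size_t *attrs)
{
  struct berval bv, *bvals, **bvp = &bvals;
  size_t idx = 0;
  int total = 0;
  *attrs = 0;
  while(mock_get_attr(idx++, &bv, bvp) == 0) {
    int i;
    (*attrs)++;
    if(!bvals)  /* without this check, bvals[0] below dereferences NULL */
      continue;
    for(i = 0; bvals[i].bv_val; i++)
      total++;
  }
  return total;
}

int main(void)
{
  size_t attrs;
  int total = count_values(&attrs);
  printf("%d values in %zu attributes\n", total, attrs);
  return 0;
}
```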