The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
CVSS Details
- CVSS 3.1 Base Score: 9.8
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVSS 3.0 Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-curl | Dec 8, 2017 | Nov 29, 2017 | |
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-curlamazon-linux-ami-2-upgrade-curl-debuginfoamazon-linux-ami-2-upgrade-libcurlamazon-linux-ami-2-upgrade-libcurl-devel | Apr 27, 2020 | Nov 29, 2017 | |
| Amazon_linux | — | amazon-linux-upgrade-curl | Jan 4, 2018 | Nov 29, 2017 |
| Apple Osx Curl | apple-osx-upgrade-latest | Jan 24, 2018 | Nov 29, 2017 | |
| Arch Linux | arch-linux-upgrade-latest | Jul 11, 2025 | Nov 29, 2017 | |
| Debian | debian-upgrade-curl | Nov 29, 2017 | Nov 29, 2017 | |
| Freebsd | freebsd-upgrade-package-curlfreebsd-upgrade-package-linux-c7-curl | Nov 29, 2017 | Nov 29, 2017 | |
| Gentoo Linux | gentoo-linux-upgrade-net-misc-curl | Dec 18, 2017 | Nov 29, 2017 | |
| Huawei Euleros 2_0_sp1 | huawei-euleros-2_0_sp1-upgrade-curlhuawei-euleros-2_0_sp1-upgrade-libcurlhuawei-euleros-2_0_sp1-upgrade-libcurl-devel | Feb 13, 2018 | Nov 29, 2017 | |
| Huawei Euleros 2_0_sp2 | huawei-euleros-2_0_sp2-upgrade-curlhuawei-euleros-2_0_sp2-upgrade-libcurlhuawei-euleros-2_0_sp2-upgrade-libcurl-devel | Feb 13, 2018 | Nov 29, 2017 | |
| Oracle Solaris | oracle-solaris-11-3-upgrade-web-curl-7-59-0-0-175-3-33-0-3-0 | Jun 18, 2018 | Nov 29, 2017 | |
| Redhat_linux | — | no-fix-redhat-rpm-package | Jul 9, 2025 | Nov 29, 2017 |
| Suse | — | suse-upgrade-curlsuse-upgrade-libcurl-develsuse-upgrade-libcurl4suse-upgrade-libcurl4-32bit | Jan 18, 2018 | Nov 29, 2017 |
| Ubuntu | ubuntu-upgrade-curlubuntu-upgrade-libcurl3ubuntu-upgrade-libcurl3-gnutlsubuntu-upgrade-libcurl3-nss | Nov 29, 2017 | Nov 29, 2017 | |
| Vmware Photon_os | vmware-photon_os_update_tdnf | Jan 20, 2025 | Nov 29, 2017 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub