CVE-2018-1000301

Critical Vulnerability: CVE-2018-1000301 — debian, canonical — debian_linux, ubuntu_linux

Wednesday, April 15, 2026 | debian, canonical | Vulnios Threat Intelligence

Executive Summary

curl versions 7.20.0 up to and including 7.59.0 contain a CWE-126 (Buffer Over-read) vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. Versions before 7.20.0 appear to be unaffected, and the vulnerability appears to have been fixed in curl 7.60.0 and later.

Why It Matters

CVE-2018-1000301 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.1/10

EPSS (Exploit Prediction): 2.8% probability of exploitation in the next 30 days.

Affected Technologies

Vendors: debian, canonical, haxx, redhat, oracle

Products: debian_linux, ubuntu_linux, curl, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, communications_webrtc_session_controller, enterprise_manager_ops_center, peoplesoft_enterprise_peopletools

🛡️ What Defenders Should Check

  • Check if you are affected — Review your asset inventory for products listed in CVE-2018-1000301.
  • Apply available patches — Visit vendor advisories for the latest security updates.
  • Monitor for exploitation — Check your SIEM/IDS logs for related indicators.
  • Use Vulnios to continuously monitor your exposure to CVE-2018-1000301 and similar vulnerabilities.
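
A version triage for the first check above, as an added example (not Vulnios or curl project code): it classifies `curl --version` output against the 7.20.0 to 7.59.0 range stated in the advisory and reports whether RTSP is compiled in. The function names and sample banners are constructed, and treating a build without `rtsp` as lower priority is an assumption; distribution packages can carry a backported fix under an unchanged version number, so an in-range result still needs the vendor advisory.

```shell
#!/bin/sh
# Added example: triage `curl --version` output for CVE-2018-1000301.
# Affected upstream range from the advisory text: 7.20.0 through 7.59.0.
# Distro packages may be patched without a version bump; confirm with the vendor.

# ver_to_int MAJOR.MINOR.PATCH -> one comparable integer (7.59.0 -> 7059000)
ver_to_int() {
  echo "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# classify_curl_banner BANNER
# Prints: in-range-rtsp | in-range-no-rtsp | out-of-range | unknown
classify_curl_banner() {
  banner=$1
  # First line looks like: "curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0"
  version=$(printf '%s\n' "$banner" |
    sed -n '1s/^curl \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  [ -n "$version" ] || { echo unknown; return 0; }
  v=$(ver_to_int "$version")
  if [ "$v" -lt "$(ver_to_int 7.20.0)" ] || [ "$v" -gt "$(ver_to_int 7.59.0)" ]; then
    echo out-of-range
    return 0
  fi
  # The advisory ties the over-read to downloaded RTSP content,
  # so check whether RTSP support is compiled into this build.
  protocols=$(printf '%s\n' "$banner" | sed -n 's/^Protocols: //p')
  case " $protocols " in
    *" rtsp "*) echo in-range-rtsp ;;
    "  ")       echo in-range-rtsp ;;    # no Protocols line: assume RTSP present
    *)          echo in-range-no-rtsp ;; # assumption: lower priority, still patch
  esac
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_VULN='curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0
Protocols: dict file ftp http https rtsp smtp'
SAMPLE_NO_RTSP='curl 7.59.0 (x86_64-pc-linux-gnu) libcurl/7.59.0
Protocols: file http https'
SAMPLE_FIXED='curl 7.60.0 (x86_64-pc-linux-gnu) libcurl/7.60.0
Protocols: dict file ftp http https rtsp smtp'

for b in "$SAMPLE_VULN" "$SAMPLE_NO_RTSP" "$SAMPLE_FIXED"; do
  classify_curl_banner "$b"
done
# On a real host: classify_curl_banner "$(curl --version)"
```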
