CVEs-PoC/2018/CVE-2018-0500.md

### [CVE-2018-0500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500)
![](https://img.shields.io/static/v1?label=Product&message=curl%20before%207.61.0&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=heap-based%20buffer%20overflow&color=brighgreen)

### Description

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon