CVE-2018-14618Integer Overflow or Wraparound in Libcurl

CWE-190Integer Overflow or WraparoundCWE-131Incorrect Calculation of Buffer SizeCWE-122Heap-based Buffer Overflow11 documents9 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 34.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Haxx CurlHaxx LibcurlCanonical Ubuntu Linux+2 more
Timeline
PublishedSep 5
Latest updateMay 14

Description

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDhaxx/libcurl< 7.61.1
Debianhaxx/curl< 7.62.0-1+3

Also affects: Debian Linux 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 6.0, 7.0, 7.4, 7.5, 7.6

🔴Vulnerability Details

3
GHSA
GHSA-4mp9-8964-jxmg: curl before version 72022-05-14
CVEList
CVE-2018-14618: curl before version 72018-09-05
OSV
CVE-2018-14618: curl before version 72018-09-05

📋Vendor Advisories

4
Ubuntu
curl vulnerability2018-09-17
Ubuntu
curl vulnerability2018-09-17
Red Hat
curl: NTLM password overflow via integer overflow2018-09-05
Debian
CVE-2018-14618: curl - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authent...2018

💬Community

3
HackerOne
CVE-2019-5435: An integer overflow found in /lib/urlapi.c2020-12-05
Bugzilla
CVE-2018-14618 curl: NTLM password overflow via integer overflow [fedora-all]2018-09-05
Bugzilla
CVE-2018-14618 curl: NTLM password overflow via integer overflow2018-08-27
CVE-2018-14618 — Integer Overflow or Wraparound | cvebase