CVE-2018-16840: Use After Free in Curl

CWE-416 Use After Free | 12 documents | 9 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.3% (top 46.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 31; latest update Sep 4

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then erroneously write to a struct field within that already freed struct.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 3.9 | Impact: 5.9)

Affected Packages (5 packages)

Source    | Package               | Affected versions
NVD       | haxx/curl             | 7.59.0 to 7.62.0
Debian    | haxx/curl             | < 7.62.0-1 (+3 more)
Ubuntu    | haxx/curl             | < 7.35.0-1ubuntu2.19 (+2 more)
CVEListV5 | the_curl_project/curl | from 7.59.0 to 7.61.1
Palo Alto | paloalto/pan-os       | (version range not given)

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Vulnerability Details (4)

GHSA: GHSA-6vwf-m72q-cw8h: A heap use-after-free flaw was found in curl versions from 7... (2022-05-13)
OSV: curl vulnerabilities (2018-10-31)
OSV: CVE-2018-16840: A heap use-after-free flaw was found in curl versions from 7... (2018-10-31)
CVEList: CVE-2018-16840: A heap use-after-free flaw was found in curl versions from 7... (2018-10-31)

Vendor Advisories (4)

Palo Alto: PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2024-09-04)
Ubuntu: curl vulnerabilities (2018-10-31)
Red Hat: curl: Use-after-free when closing "easy" handle in Curl_close() (2018-10-31)
Debian: CVE-2018-16840: curl - A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1... (2018)

Community (3)

Bugzilla: CVE-2018-16840 mingw-curl: curl: Use-after-free when closing "easy" handle in Curl_close() [epel-7] (2018-10-31)
Bugzilla: CVE-2018-16840 curl: Use-after-free when closing "easy" handle in Curl_close() [fedora-all] (2018-10-31)
Bugzilla: CVE-2018-16840 curl: Use-after-free when closing "easy" handle in Curl_close() (2018-10-24)