CVE-2018-16842: Out-of-bounds Read in Curl

CWE-125: Out-of-bounds Read (12 documents, 8 sources)

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.2% (top 62.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 31; latest update May 14

Description

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (3 packages)

Source    | Package                | Affected versions
Debian    | haxx/curl              | < 7.62.0-1+3
NVD       | haxx/curl              | 7.14.1 through 7.61.1
CVEListV5 | the_curl_project/curl  | from 7.14.1 to 7.61.1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-wh7w-vjg6-xh6h: Curl versions 7 (2022-05-14)
OSV: CVE-2018-16842: Curl versions 7 (2018-10-31)
CVEList: CVE-2018-16842: Curl versions 7 (2018-10-31)
OSV: curl vulnerabilities (2018-10-31)

📋 Vendor Advisories (4)

Ubuntu: curl vulnerability (2018-11-01)
Ubuntu: curl vulnerabilities (2018-10-31)
Red Hat: curl: Heap-based buffer over-read in the curl tool warning formatting (2018-10-31)
Debian: CVE-2018-16842: curl - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-r... (2018)

💬 Community (3)

Bugzilla: CVE-2018-16842 mingw-curl: curl: Heap-based buffer over-read in the curl tool warning formatting [epel-7] (2018-10-31)
Bugzilla: CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting [fedora-all] (2018-10-31)
Bugzilla: CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting (2018-10-30)