CVE-2018-16890
published 2019-02-06CVE-2018-16890: libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.64.0-1 (bookworm) | curl 7.64.0-1 (bookworm) |
| debian | debian_linux | — | — |
| f5 | big-ip_access_policy_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_access_policy_manager | 14.0.0 – 14.1.2 | — |
| f5 | big-ip_access_policy_manager | 15.0.0 – 15.0.1 | — |
| haxx | curl | >= 0 < 7.64.0-1 | 7.64.0-1 |
| haxx | curl | >= 0 < 7.64.0-1 | 7.64.0-1 |
| haxx | curl | >= 0 < 7.64.0-1 | 7.64.0-1 |
| haxx | curl | >= 0 < 7.64.0-1 | 7.64.0-1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20 | 7.35.0-1ubuntu2.20 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.12 | 7.47.0-1ubuntu2.12 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.6 | 7.58.0-2ubuntu3.6 |
| haxx | libcurl | >= 7.36.0 < 7.64.0 | 7.64.0 |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | http_server | — | — |
| oracle | secure_global_desktop | — | — |
| redhat | enterprise_linux | — | — |
| siemens | sinema_remote_connect_client | <= 2.0 | — |
| the_curl_project | curl | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH