CVE-2018-16890Out-of-bounds Read in Libcurl

CWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound10 documents8 sources
Severity
7.5HIGHNVD
EPSS
1.4%
top 19.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Haxx CurlHaxx LibcurlF5 Big-ip Access Policy Manager+8 more
Timeline
PublishedFeb 6
Latest updateMay 13

Description

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

NVDhaxx/libcurl7.36.07.64.0
NVDoracle/http_server12.2.1.3.0
Debianhaxx/curl< 7.64.0-1+3
Ubuntuhaxx/curl< 7.35.0-1ubuntu2.20+2
NVDf5/big-ip_access_policy_manager13.1.013.1.3+2

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: curl.haxx.sePatch: security.netapp.com

🔴Vulnerability Details

4
GHSA
GHSA-53fg-3j53-939q: libcurl versions from 72022-05-13
CVEList
CVE-2018-16890: libcurl versions from 72019-02-06
OSV
CVE-2018-16890: libcurl versions from 72019-02-06
OSV
curl vulnerabilities2019-02-06

📋Vendor Advisories

3
Ubuntu
curl vulnerabilities2019-02-06
Red Hat
curl: NTLM type-2 heap out-of-bounds buffer read2019-02-06
Debian
CVE-2018-16890: curl - libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out...2018

💬Community

2
Bugzilla
CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read [fedora-all]2019-02-06
Bugzilla
CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read2019-01-29
CVE-2018-16890 — Out-of-bounds Read in Haxx Libcurl | cvebase