CVE-2018-16842 log

Severity Medium
Remote Yes
Type Information disclosure
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
This display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer.
Group Package Affected Fixed Severity Status Ticket
AVG-795 curl 7.61.1-3 7.62.0-1 High Fixed
Date Advisory Group Package Severity Type
06 Nov 2018 ASA-201811-4 AVG-795 curl High multiple issues