CVE-2018-16842 - log back

CVE-2018-16842 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
+ This display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer.
References
+ https://curl.haxx.se/docs/CVE-2018-16842.html
+ https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
Notes