Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2018-16842 - log back

CVE-2018-16842 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Remote

Type

+	Information disclosure

Description

+	Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
+	This display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer.

References

+	https://curl.haxx.se/docs/CVE-2018-16842.html
+	https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211

Notes