CVE-2018-16890 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-877 | libcurl-gnutls | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
| AVG-876 | lib32-libcurl-gnutls | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
| AVG-875 | lib32-libcurl-compat | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
| AVG-874 | lib32-curl | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
| AVG-873 | curl | 7.63.0-4 | 7.64.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 12 Feb 2019 | ASA-201902-9 | AVG-873 | curl | High | arbitrary code execution |
| 12 Feb 2019 | ASA-201902-13 | AVG-874 | lib32-curl | High | arbitrary code execution |
| 12 Feb 2019 | ASA-201902-12 | AVG-875 | lib32-libcurl-compat | High | arbitrary code execution |
| 12 Feb 2019 | ASA-201902-11 | AVG-876 | lib32-libcurl-gnutls | High | arbitrary code execution |
| 12 Feb 2019 | ASA-201902-10 | AVG-877 | libcurl-gnutls | High | arbitrary code execution |
| References |
|---|
https://curl.haxx.se/docs/CVE-2018-16890.html https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb |