CVE-2018-16890 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Arbitrary code execution |
Description | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-877 | libcurl-gnutls | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
AVG-876 | lib32-libcurl-gnutls | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
AVG-875 | lib32-libcurl-compat | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
AVG-874 | lib32-curl | 7.63.0-2 | 7.64.0-1 | High | Fixed | |
AVG-873 | curl | 7.63.0-4 | 7.64.0-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
12 Feb 2019 | ASA-201902-9 | AVG-873 | curl | High | arbitrary code execution |
12 Feb 2019 | ASA-201902-13 | AVG-874 | lib32-curl | High | arbitrary code execution |
12 Feb 2019 | ASA-201902-12 | AVG-875 | lib32-libcurl-compat | High | arbitrary code execution |
12 Feb 2019 | ASA-201902-11 | AVG-876 | lib32-libcurl-gnutls | High | arbitrary code execution |
12 Feb 2019 | ASA-201902-10 | AVG-877 | libcurl-gnutls | High | arbitrary code execution |
References |
---|
https://curl.haxx.se/docs/CVE-2018-16890.html https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb |