Out-of-bounds Read in curl

Do your applications use this vulnerable package? Test your applications

Overview

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

References

Apache Security Advisory
CONFIRM
CONFIRM
CVE Details
Debian Security Advisory
Debian Security Tracker
MISC
Netapp Security Advisory
Oracle Security Advisory
Oracle Security Advisory
REDHAT
RedHat Bugzilla Bug
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2018-16890
CWE: CWE-125 CWE-190
Snyk ID: SNYK-DEBIAN8-CURL-336291
Disclosed: 06 Feb, 2019
Published: 06 Feb, 2019

Out-of-bounds Read
Affecting curl package, versions <7.38.0-4+deb8u14

Overview

References

CVSS Score

Out-of-bounds Read Affecting curl package, versions <7.38.0-4+deb8u14

Overview

References

Out-of-bounds Read
Affecting curl package, versions <7.38.0-4+deb8u14