Published: 29/11/2017 Updated: 20/12/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

curl and libcurl prior to 7.57.0 on 32-bit platforms allow malicious users to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl 7.56.1
haxx libcurl 7.56.0
haxx libcurl 7.56.1
haxx curl 7.56.0

libcurl is vulnerable to a heap buffer out-of-bounds read The function handling incoming NTLM type-2 messages (`lib/vauth/ntlmc:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...

curl and libcurl before 7570 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library ...

An out-of-bounds flaw has been found in the SSL related code of libcurl >= 7560 and < 7570 When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at the end of the struct to be used for SSL related structs Those structs are used by the particular SSL library libcurl is b ...

CWE-119 https://curl.haxx.se/docs/adv_2017-af0a.html http://www.securitytracker.com/id/1039898 http://www.securityfocus.com/bid/102014 http://security.cucumberlinux.com/security/details.php?id=163 https://security.gentoo.org/glsa/201712-04 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html

CVE-2017-8818

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect