CVE-2018-14618

Published: 05/09/2018 Updated: 22/04/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to be allocated instead of the intended very large one, so that use of the buffer ends in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
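The size calculation described above, next to a guarded form, as an added example that is not curl's own code. The `size32_t` type, the function names and the two-bytes-per-input-byte loop (modelled as ASCII to UTF-16LE) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: size32_t stands in for a 32-bit size_t, so the wraparound
   is reproducible on a 64-bit build host. */
typedef uint32_t size32_t;

/* Unchecked pattern from the summary: SUM = len * 2, modulo 2^32. */
size32_t unchecked_sum(size32_t len)
{
    return (size32_t)(len * 2u);
}

/* Hardened size computation: -1 if len * 2 cannot be represented. */
int checked_sum(size32_t len, size32_t *sum)
{
    if (len > UINT32_MAX / 2u)
        return -1;
    *sum = len * 2u;
    return 0;
}

/* Hypothetical expansion loop (two output bytes per input byte, modelled
   as ASCII to UTF-16LE). Refuses lengths whose SUM would wrap. */
unsigned char *expand_password(const char *pw, size32_t len, size32_t *out_len)
{
    size32_t sum, i;
    unsigned char *buf;

    if (checked_sum(len, &sum) != 0)
        return NULL;               /* reject before allocating */
    buf = malloc(sum ? sum : 1);
    if (buf == NULL)
        return NULL;
    for (i = 0; i < len; i++) {    /* writes exactly sum bytes */
        buf[2 * i] = (unsigned char)pw[i];
        buf[2 * i + 1] = 0;
    }
    *out_len = sum;
    return buf;
}

int main(void)
{
    size32_t len = 0x80000001u;    /* constructed: 2^31 + 1 bytes */
    printf("unchecked SUM for %u bytes: %u\n", (unsigned)len, (unsigned)unchecked_sum(len));
    return 0;
}
```

With the unchecked form, a length one byte over 2^31 yields a 2-byte allocation while the loop bound stays at the full length; the guarded form rejects the length before any allocation happens.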

Vulnerable Product

haxx libcurl

canonical ubuntu linux 18.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

debian debian linux 9.0

redhat enterprise linux 6.0

redhat enterprise linux 7.5

redhat enterprise linux 7.6

redhat enterprise linux 7.0

redhat enterprise linux 7.4

Vendor Advisories

Synopsis: Low: curl security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis: Moderate: httpd24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of ...
Debian Bug report logs - #908327 curl: CVE-2018-14618: NTLM password overflow via integer overflow. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 8 Sep 2018 12:33:04 UTC; Severity: serious; Tags: fixed-upstream, secu ...
curl could be made to run arbitrary code if it received a specially crafted input ...
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generat ...
curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allo ...

Github Repositories

Jenkins pipeline shared library adding features for Maven, Gradle, Docker, SonarQube, Git and others

ces-build-lib: Jenkins Pipeline Shared library that contains additional features for Git, Maven, etc. in an object-oriented manner, as well as some additional pipeline steps.

Enforcer: A validating webhook used to enforce deployment standards. A sample validation webhook to enforce deployment standards. Currently the webhook parses deployments and pod specs, and scans the image's specified. The webhook uses aquasec/trivy to perform the container image scanning. Based on level of vulnerabilities to check for, if the container image has no vulner