CVE-2018-16839

Published: 31/10/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Curl versions 7.33.0 up to and including 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Vulnerable Product

haxx curl

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Several security issues were fixed in curl ...
Debian Bug report logs - #908327 curl: CVE-2018-14618: NTLM password overflow via integer overflow. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 8 Sep 2018 12:33:04 UTC; Severity: serious; Tags: fixed-upstream, secu ...
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839: Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated instead of the intended very huge on ...
A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct (CVE-2018-16840). Curl is v ...
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service ...
The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then calculates a buffer size to allocate. On systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integ ...