CVE-2018-16842

Synopsis Low: curl security and bug fix update Type/Severity Security Advisory: Low Topic An update for curl is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives ...

Debian Bug report logs - #908327 curl: CVE-2018-14618: NTLM password overflow via integer overflow Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 8 Sep 2018 12:33:04 UTC Severity: serious Tags: fixed-upstream, secu ...

Several security issues were fixed in curl ...

Several security issues were fixed in curl ...

Two vulnerabilities were discovered in cURL, an URL transfer library CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used This would in turn cause a very small buffer to be allocated instead of the intended very huge on ...

A heap use-after-free flaw was found in curl related to closing an easy handle When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct (CVE-2018-16840) Curl is v ...

libcurl is vulnerable to a heap buffer out-of-bounds read The function handling incoming NTLM type-2 messages (`lib/vauth/ntlmc:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...

Curl versions 7141 through 7611 are vulnerable to a heap-based buffer over-read in the tool_msgsc:voutf() function that may result in information exposure and denial of service ...

Curl versions 7141 through 7611 are vulnerable to a heap-based buffer over-read in the tool_msgsc:voutf() function that may result in information exposure and denial of service This display function formats the output to wrap at 80 columns The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the ...