libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx libcurl |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
debian debian linux 9.0 |
||
netapp clustered data ontap |
||
siemens sinema remote connect client |
||
oracle http server 12.2.1.3.0 |
||
oracle secure global desktop 5.4 |
||
oracle communications operations monitor 3.4 |
||
oracle communications operations monitor 4.0 |
||
redhat enterprise linux 8.0 |
||
f5 big-ip access policy manager |