Published: 06/02/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx libcurl
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
debian debian linux 9.0
netapp clustered data ontap
siemens sinema remote connect client
oracle http server 12.2.1.3.0
oracle secure global desktop 5.4
oracle communications operations monitor 3.4
oracle communications operations monitor 4.0
redhat enterprise linux 8.0
f5 big-ip access policy manager

Several security issues were fixed in curl ...

Synopsis Moderate: curl security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for curl is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

libcurl is vulnerable to a heap buffer out-of-bounds read The function handling incoming NTLM type-2 messages (`lib/vauth/ntlmc:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...

Impact: Moderate Public Date: 2019-02-06 CWE: CWE-125 Bugzilla: 1670252: CVE-2018-16890 curl: NTLM type ...

libcurl versions from 7360 to before 7640 is vulnerable to a heap buffer out-of-bounds read The function handling incoming NTLM type-2 messages (`lib/vauth/ntlmc:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability Using that overflow, a malicious or broken NTLM server could ...

CVE-2018-16890

CVE-2018-16890 An out-of-bounds read flaw was found in the way curl handled NTLMv2 type-2 headers When connecting to a remote malicious server which uses NTLM authentication, the flaw could cause curl to crash A simple script to check your curl

CWE-125 CWE-190 https://curl.haxx.se/docs/CVE-2018-16890.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://www.debian.org/security/2019/dsa-4386 https://usn.ubuntu.com/3882-1/http://www.securityfocus.com/bid/106947 https://security.netapp.com/advisory/ntap-20190315-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:3701 https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/3882-1/https://nvd.nist.gov

CVE-2018-16890

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect