Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16840

Опубликовано: 31 окт. 2018
Источник: nvd
CVSS3: 4.3
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия от 7.59.0 (включая) до 7.62.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 51%
0.00277
Низкий

4.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416
CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2018-16840

CVSS3: 9.8
ubuntu
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

redhat логотип

CVE-2018-16840

CVSS3: 5
redhat
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

debian логотип

CVE-2018-16840

CVSS3: 9.8
debian
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 thro ...

github логотип

GHSA-6vwf-m72q-cw8h

CVSS3: 9.8
github
больше 3 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

suse-cvrf логотип

openSUSE-SU-2018:3699-1

suse-cvrf
около 7 лет назад

Security update for curl

EPSS

Процентиль: 51%
0.00277
Низкий

4.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416
CWE-416