Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16890

Опубликовано: 06 фев. 2019
Источник: nvd
CVSS3: 5.4
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Версия от 7.36.0 (включая) до 7.64.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
Версия до 2.0 (включая)
Конфигурация 6

Одно из

cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
Конфигурация 7
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 8

Одно из

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Версия от 13.1.0 (включая) до 13.1.3 (включая)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Версия от 14.0.0 (включая) до 14.1.2 (включая)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Версия от 15.0.0 (включая) до 15.0.1 (включая)

EPSS

Процентиль: 78%
0.01236
Низкий

5.4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2018-16890

CVSS3: 7.5
ubuntu
больше 6 лет назад

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

redhat логотип

CVE-2018-16890

CVSS3: 4.3
redhat
больше 6 лет назад

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

debian логотип

CVE-2018-16890

CVSS3: 7.5
debian
больше 6 лет назад

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...

github логотип

GHSA-53fg-3j53-939q

CVSS3: 7.5
github
около 3 лет назад

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

fstec логотип

BDU:2019-01750

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость функции ntlm_decode_type2_target библиотеки libcurl, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01236
Низкий

5.4 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125