Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16840

Опубликовано: 31 окт. 2018
Источник: redhat
CVSS3: 5
EPSS Низкий

Описание

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 1.0 on Red Hat Enterprise Linuxrh-dotnetcore10-curlNot affected
.NET Core 1.1 on Red Hat Enterprise Linuxrh-dotnetcore11-curlNot affected
.NET Core 2.1 on Red Hat Enterprise Linuxrh-dotnet21-curlNot affected
Red Hat Enterprise Linux 5curlNot affected
Red Hat Enterprise Linux 6curlNot affected
Red Hat Enterprise Linux 7curlNot affected
Red Hat Enterprise Linux 8curlNot affected
Red Hat JBoss Core Servicesjbcs-httpd24-curlAffected
Red Hat JBoss Web Server 5curlNot affected
Red Hat Software Collectionshttpd24-curlFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1642203curl: Use-after-free when closing "easy" handle in Curl_close()

EPSS

Процентиль: 51%
0.00277
Низкий

5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16840

CVSS3: 9.8
ubuntu
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

nvd логотип

CVE-2018-16840

CVSS3: 9.8
nvd
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

debian логотип

CVE-2018-16840

CVSS3: 9.8
debian
больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 thro ...

github логотип

GHSA-6vwf-m72q-cw8h

CVSS3: 9.8
github
больше 3 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

suse-cvrf логотип

openSUSE-SU-2018:3699-1

suse-cvrf
около 7 лет назад

Security update for curl

EPSS

Процентиль: 51%
0.00277
Низкий

5 Medium

CVSS3