CVE-2018-16840

Опубликовано: 31 окт. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 9.8

Описание

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Релиз	Статус	Примечание
bionic	not-affected	7.58.0-2ubuntu3.3
cosmic	released	7.61.0-1ubuntu2.2
devel	released	7.61.0-1ubuntu2.2
esm-infra-legacy/trusty	not-affected
esm-infra/bionic	not-affected	7.58.0-2ubuntu3.3
esm-infra/xenial	not-affected
precise/esm	not-affected
trusty	not-affected
trusty/esm	not-affected
upstream	pending	7.62.0

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2018-16840

CVSS3: 5

redhat

больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

CVE-2018-16840

CVSS3: 9.8

nvd

больше 7 лет назад

CVE-2018-16840

CVSS3: 9.8

debian

больше 7 лет назад

A heap use-after-free flaw was found in curl versions from 7.59.0 thro ...

GHSA-6vwf-m72q-cw8h

CVSS3: 9.8

github

больше 3 лет назад

openSUSE-SU-2018:3699-1

suse-cvrf

около 7 лет назад

Security update for curl

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2018-16840

Описание

Пакет curl

Ссылки на источники

Связанные уязвимости