CURL-CVE-2018-14618

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2018-14618.html

Import Source

https://curl.se/docs/CURL-CVE-2018-14618.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2018-14618

Aliases

CVE-2018-14618

Published

2018-09-05T08:00:00Z

Modified

2026-05-27T02:29:22.732742Z

Summary

NTLM password overflow via integer overflow

Details

libcurl contains a buffer overrun in the NTLM authentication code.

The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap.

The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a tiny buffer to actually get allocated instead of the intended huge one, making the use of that buffer end up in a heap buffer overflow.

(This bug is almost identical to CVE-2017-8816.)

Database specific

{
    "severity": "High",
    "www": "https://curl.se/docs/CVE-2018-14618.html",
    "CWE": {
        "id": "CWE-131",
        "desc": "Incorrect Calculation of Buffer Size"
    },
    "URL": "https://curl.se/docs/CVE-2018-14618.json",
    "affects": "both",
    "package": "curl",
    "last_affected": "7.61.0"
}

References

Credits

- Zhaoyang Wu - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.15.4

Fixed

7.61.1

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

be285cde3f52571087816759220a68cb994d9307

Fixed

57d299a499155d4b327e341c6024e293b0418243

Affected versions

7.*

7.15.4

7.15.5

7.16.0

7.16.1

7.16.2

7.16.3

7.16.4

7.17.0

7.17.1

7.18.0

7.18.1

7.18.2

7.19.0

7.19.1

7.19.2

7.19.3

7.19.4

7.19.5

7.19.6

7.19.7

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

Other

curl-7_15_4

curl-7_15_5

curl-7_15_6-prepipeline

curl-7_16_0

curl-7_16_1

curl-7_16_2

curl-7_16_3

curl-7_16_4

curl-7_17_0

curl-7_17_0-preldapfix

curl-7_17_1

curl-7_18_0

curl-7_18_1

curl-7_18_2

curl-7_19_0

curl-7_19_1

curl-7_19_2

curl-7_19_3

curl-7_19_4

curl-7_19_5

curl-7_19_6

curl-7_19_7

curl-7_20_0

curl-7_20_1

curl-7_21_0

curl-7_21_1

curl-7_21_2

curl-7_21_3

curl-7_21_4

curl-7_21_5

curl-7_21_6

curl-7_21_7

curl-7_22_0

curl-7_23_0

curl-7_23_1

curl-7_24_0

curl-7_25_0

curl-7_26_0

curl-7_27_0

curl-7_28_0

curl-7_28_1

curl-7_29_0

curl-7_30_0

curl-7_31_0

curl-7_32_0

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_42_1

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

Database specific

source

"https://curl.se/docs/CURL-CVE-2018-14618.json"

vanir_signatures_modified

"2026-05-27T02:29:22Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/57d299a499155d4b327e341c6024e293b0418243",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "308639007250509123190976279093395161667",
                "22425808840478996378096397749848053213",
                "180330362882211631427711985805115613750",
                "169213246600422826387397555860516277626",
                "71393262281816378382005532163113147318"
            ]
        },
        "id": "CURL-CVE-2018-14618-98a98d12",
        "deprecated": false,
        "target": {
            "file": "lib/curl_ntlm_core.c"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/57d299a499155d4b327e341c6024e293b0418243",
        "digest": {
            "function_hash": "218596901524376433772706707277383241298",
            "length": 1784.0
        },
        "id": "CURL-CVE-2018-14618-b9807594",
        "deprecated": false,
        "target": {
            "file": "lib/curl_ntlm_core.c",
            "function": "Curl_ntlm_core_mk_nt_hash"
        }
    }
]