CURL-CVE-2018-16840

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2018-16840.html

Import Source

https://curl.se/docs/CURL-CVE-2018-16840.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2018-16840

Aliases

CVE-2018-16840

Published

2018-10-31T08:00:00Z

Modified

2024-07-02T09:22:24Z

Summary

use after free in handle close

Details

libcurl contains a heap use after free flaw in code related to closing an easy handle.

When closing and cleaning up an "easy" handle in the Curl_close() function, the library code first frees a struct (without clearing the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Database specific

{
    "www": "https://curl.se/docs/CVE-2018-16840.html",
    "award": {
        "currency": "USD",
        "amount": "100"
    },
    "last_affected": "7.61.1",
    "severity": "Low",
    "package": "curl",
    "affects": "both",
    "CWE": {
        "id": "CWE-416",
        "desc": "Use After Free"
    },
    "URL": "https://curl.se/docs/CVE-2018-16840.json"
}

References

Credits

- Brian Carpenter (Geeknik Labs) - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.59.0

Fixed

7.62.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

b46cfbc068ebe90f18e9777b9e877e4934c1b5e3

Fixed

81d135d67155c5295b1033679c606165d4e28f3f

Affected versions

7.*

7.59.0

7.60.0

7.61.0

7.61.1

Database specific

vanir_signatures

[
    {
        "id": "CURL-CVE-2018-16840-a87c499d",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lib/url.c"
        },
        "source": "https://github.com/curl/curl.git/commit/81d135d67155c5295b1033679c606165d4e28f3f",
        "digest": {
            "line_hashes": [
                "76450436232552618053190577593466383274",
                "56283251733270634435040735386618773715",
                "225146506795074944162099681821124504277",
                "72162716836877692358628916813877661635",
                "28202728034268574745574819732142521908"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CURL-CVE-2018-16840-ba2aaffc",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "Curl_close",
            "file": "lib/url.c"
        },
        "source": "https://github.com/curl/curl.git/commit/81d135d67155c5295b1033679c606165d4e28f3f",
        "digest": {
            "length": 1388.0,
            "function_hash": "253867143457341161698845574111827314122"
        },
        "signature_type": "Function"
    }
]