libcurl contains a heap use-after-free flaw in code related to closing an easy handle.
When closing and cleaning up an "easy" handle in the Curl_close() function,
the library code first frees a struct without clearing the pointer to it, and
might then erroneously write to a field within that already freed struct.
{ "www": "https://curl.se/docs/CVE-2018-16840.html", "package": "curl", "CWE": { "desc": "Use After Free", "id": "CWE-416" }, "affects": "both", "severity": "Low", "last_affected": "7.61.1", "award": { "amount": "100", "currency": "USD" }, "URL": "https://curl.se/docs/CVE-2018-16840.json" }
{ "vanir_signatures": [ { "id": "CURL-CVE-2018-16840-a87c499d", "digest": { "line_hashes": [ "76450436232552618053190577593466383274", "56283251733270634435040735386618773715", "225146506795074944162099681821124504277", "72162716836877692358628916813877661635", "28202728034268574745574819732142521908" ], "threshold": 0.9 }, "target": { "file": "lib/url.c" }, "signature_version": "v1", "source": "https://github.com/curl/curl.git/commit/81d135d67155c5295b1033679c606165d4e28f3f", "deprecated": false, "signature_type": "Line" }, { "id": "CURL-CVE-2018-16840-ba2aaffc", "digest": { "length": 1388.0, "function_hash": "253867143457341161698845574111827314122" }, "target": { "function": "Curl_close", "file": "lib/url.c" }, "signature_version": "v1", "source": "https://github.com/curl/curl.git/commit/81d135d67155c5295b1033679c606165d4e28f3f", "deprecated": false, "signature_type": "Function" } ] }