CVE-2017-8816

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type

GIT

Repo

https://github.com/curl/curl

Events

Introduced

Last affected

c514af5a4f5ac3ce724065cc6a8e009373436f78

Introduced

4f041c9d6e61829310eb0715d8edb2a232478123

Last affected

c514af5a4f5ac3ce724065cc6a8e009373436f78

Introduced

Last affected

47ccaa4218c408e70671a2fa9caaa3caf8c1a877

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.56.1"
        },
        {
            "introduced": "7.36.0"
        },
        {
            "last_affected": "7.56.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        }
    ]
}

Affected versions

Other

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8816.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]