CVE-2018-16839

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-16839
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16839.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16839
Aliases
Downstream
Related
Published
2018-10-31T18:29:00Z
Modified
2025-10-21T04:31:42.915462Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f3a24d7916b9173c69a3e0ee790102993833d6c5

Affected versions

Other

before_ftp_statemachine
before_urldata_rename
curl-6_5
curl-6_5_1
curl-6_5_2
curl-7_10
curl-7_10_1
curl-7_10_2
curl-7_10_3
curl-7_10_4
curl-7_10_5
curl-7_10_6
curl-7_10_7
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_11_2
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_12_3
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_2
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_0-preldapfix
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_1
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_1_1
curl-7_2
curl-7_20_0
curl-7_20_1
curl-7_21_0
curl-7_21_1
curl-7_21_2
curl-7_21_3
curl-7_21_4
curl-7_21_5
curl-7_21_6
curl-7_21_7
curl-7_22_0
curl-7_23_0
curl-7_23_1
curl-7_24_0
curl-7_25_0
curl-7_26_0
curl-7_27_0
curl-7_28_0
curl-7_28_1
curl-7_29_0
curl-7_3
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_4_1
curl-7_5
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
curl-7_57_0
curl-7_58_0
curl-7_59_0
curl-7_5_2
curl-7_6
curl-7_6-pre4
curl-7_60_0
curl-7_61_0
curl-7_61_1
curl-7_6_1
curl-7_6_1-pre1
curl-7_6_1-pre2
curl-7_6_1-pre3
curl-7_7
curl-7_7-beta1
curl-7_7-beta2
curl-7_7-beta3
curl-7_7-beta5
curl-7_7_1
curl-7_7_2
curl-7_7_3
curl-7_7_alpha2
curl-7_8
curl-7_8-pre2
curl-7_8_1
curl-7_8_1-pre3
curl-7_9
curl-7_9_1
curl-7_9_2
curl-7_9_3
curl-7_9_3-pre1
curl-7_9_3-pre2
curl-7_9_3-pre3
curl-7_9_4
curl-7_9_5
curl-7_9_5-pre2
curl-7_9_5-pre4
curl-7_9_6
curl-7_9_7
curl-7_9_7-pre2
curl-7_9_8
curl_7_6-pre3

Database specific

vanir_signatures

[
    {
        "id": "CVE-2018-16839-226b7354",
        "source": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lib/vauth/cleartext.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "323405508741544077634728860040609514286",
                "223299084025646397460911356647096920855",
                "237287603532771469400165005710548925177",
                "294262302604077010113878498613345104589"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2018-16839-98aef08a",
        "source": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "Curl_auth_create_plain_message",
            "file": "lib/vauth/cleartext.c"
        },
        "digest": {
            "function_hash": "307941837594799485192212106034451078774",
            "length": 711.0
        },
        "signature_type": "Function"
    }
]