CVE-2018-16840

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16840
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16840.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16840
Aliases
Downstream
Related
Published
2018-10-31T18:29:00.307Z
Modified
2026-02-07T05:04:48.432772Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Fixed
81d135d67155c5295b1033679c606165d4e28f3f
Introduced
4d6bd91ab33328c6d27eddc32e064defc02dc4fd
Fixed
81d135d67155c5295b1033679c606165d4e28f3f

Affected versions

Other
curl-7_59_0
curl-7_60_0
curl-7_61_0
curl-7_61_1

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "source": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f",
        "id": "CVE-2018-16840-5a294ae8",
        "target": {
            "file": "lib/url.c",
            "function": "Curl_close"
        },
        "digest": {
            "function_hash": "253867143457341161698845574111827314122",
            "length": 1388.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f",
        "id": "CVE-2018-16840-97a670ad",
        "target": {
            "file": "lib/url.c"
        },
        "digest": {
            "line_hashes": [
                "76450436232552618053190577593466383274",
                "56283251733270634435040735386618773715",
                "225146506795074944162099681821124504277",
                "72162716836877692358628916813877661635",
                "28202728034268574745574819732142521908"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16840.json"