CVE-2018-16890
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-16890
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16890.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-16890
- Aliases
- Downstream
- Related
- Published
- 2019-02-06T20:29:00Z
- Modified
- 2025-10-10T01:19:37.612077Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (
lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. - References
-
- http://www.securityfocus.com/bid/106947
- https://access.redhat.com/errata/RHSA-2019:3701
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890
- https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
- https://curl.haxx.se/docs/CVE-2018-16890.html
- https://security.netapp.com/advisory/ntap-20190315-0001/
- https://usn.ubuntu.com/3882-1/
- https://www.debian.org/security/2019/dsa-4386
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E
- https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS
Affected packages
Git / github.com/curl/curl
Affected versions
Other
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
curl-7_57_0
curl-7_58_0
curl-7_59_0
curl-7_60_0
curl-7_61_0
curl-7_61_1
curl-7_62_0
curl-7_63_0