CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Information

Published : 2019-02-06 12:29

Updated : 2020-09-18 09:33


NVD link : CVE-2018-16890

Mitre link : CVE-2018-16890


JSON object : View

CWE
CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

Advertisement

dedicated server usa

Products Affected

netapp

  • clustered_data_ontap

redhat

  • enterprise_linux

oracle

  • secure_global_desktop
  • communications_operations_monitor
  • http_server

siemens

  • sinema_remote_connect_client

canonical

  • ubuntu_linux

f5

  • big-ip_access_policy_manager

haxx

  • libcurl

debian

  • debian_linux