Buffer Overrun Vulnerability in Curl Affected by NTLM Authentication Issues
CVE-2018-14618

7.5HIGH

Key Information:

Vendor: [unknown]
Status: Curl
Vendor: CVE Published:; 5 September 2018

What is CVE-2018-14618?

Curl versions prior to 7.61.1 are affected by a buffer overrun vulnerability within the NTLM authentication mechanism. The issue arises from an integer overflow during password length calculations, leading to insufficient memory allocation for generating authentication data. This flaw occurs specifically on systems utilizing a 32-bit size_t, where password lengths exceeding 2GB can trigger unexpected behaviors, ultimately resulting in potential heap buffer overflows. This vulnerability shares similarities with CVE-2017-8816, heightening the necessity for prompt updates to mitigate risks.

Affected Version(s)

curl 7.61.1

References

https://curl.haxx.se/docs/CVE-2018-14618.html

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201903-03

vendor-advisoryx_refsource_GENTOO

https://usn.ubuntu.com/3765-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2018
Vulnerability Reserved
Jul 27, 2018

CVE-2018-14618 Data

JSON

[unknown]

What is CVE-2018-14618?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline