Buffer Overrun Vulnerability in Curl Affected by NTLM Authentication Issues
CVE-2018-14618

7.5HIGH

Key Information:

Vendor

[unknown]

Status
Curl
Vendor
CVE Published:
5 September 2018

What is CVE-2018-14618?

Curl versions prior to 7.61.1 are affected by a buffer overrun vulnerability within the NTLM authentication mechanism. The issue arises from an integer overflow during password length calculations, leading to insufficient memory allocation for generating authentication data. This flaw occurs specifically on systems utilizing a 32-bit size_t, where password lengths exceeding 2GB can trigger unexpected behaviors, ultimately resulting in potential heap buffer overflows. This vulnerability shares similarities with CVE-2017-8816, heightening the necessity for prompt updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

curl 7.61.1

References

https://curl.haxx.se/docs/CVE-2018-14618.html
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-03
vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/3765-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.