Buffer Overrun in Curl SASL Authentication Code by Haxx
CVE-2018-16839

4.3MEDIUM

Key Information:

Vendor: The Curl Project
Status: Curl:
Vendor: CVE Published:; 31 October 2018

What is CVE-2018-16839?

Versions of Curl from 7.33.0 to 7.61.1 contain a vulnerability in the SASL authentication code, which can lead to a buffer overrun. This flaw has the potential to enable attackers to cause a denial of service, affecting the application's ability to respond to legitimate requests.

Affected Version(s)

curl: from 7.33.0 to 7.61.1

References

https://security.gentoo.org/glsa/201903-03

vendor-advisoryx_refsource_GENTOO

https://www.debian.org/security/2018/dsa-4331

vendor-advisoryx_refsource_DEBIAN

https://lists.debian.org/debian-lts-announce/2018/11/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Sep 11, 2018

The Curl Project

What is CVE-2018-16839?

Affected Version(s)

References

CVSS V3.1

Timeline