Heap-Based Buffer Over-Read in Curl by Haxx
CVE-2018-16842
4.4MEDIUM
What is CVE-2018-16842?
Curl versions between 7.14.1 and 7.61.1 contain a vulnerability in the tool_msgs.c:voutf() function that can result in a heap-based buffer over-read. This can potentially lead to unintended information exposure and could also result in denial of service. Users are advised to update to the latest versions to mitigate this issue.
Affected Version(s)
curl: from 7.14.1 to 7.61.1