Heap-Based Buffer Over-Read in Curl by Haxx
CVE-2018-16842

4.4MEDIUM

Key Information:

Vendor: The Curl Project
Status: Curl:
Vendor: CVE Published:; 31 October 2018

What is CVE-2018-16842?

Curl versions between 7.14.1 and 7.61.1 contain a vulnerability in the tool_msgs.c:voutf() function that can result in a heap-based buffer over-read. This can potentially lead to unintended information exposure and could also result in denial of service. Users are advised to update to the latest versions to mitigate this issue.

Affected Version(s)

curl: from 7.14.1 to 7.61.1

References

https://security.gentoo.org/glsa/201903-03

vendor-advisoryx_refsource_GENTOO

https://www.debian.org/security/2018/dsa-4331

vendor-advisoryx_refsource_DEBIAN

https://lists.debian.org/debian-lts-announce/2018/11/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Sep 11, 2018

The Curl Project

What is CVE-2018-16842?

Affected Version(s)

References

CVSS V3.1

Timeline